Have Ticketmaster been hacked?

Just received an email purporting to be from Adobe, wishing me a happy Xmas and suggesting that I upgrade Adobe Reader?

The oddest thing is that the hyperlinks to upgrade ( http://www.2012-acrobat-adobe-download.com/ ) actually point to ticketmaster.com.

Having looked through the header it looks as though the email actually came from Ticketmaster, or am I misreading the header?

I have obscured personal details...

Delivered-To: me@myforwardedemailaddress.co.uk
Received: by 10.229.231.9 with SMTP id jo9cs13170qcb;
    Sat, 11 Feb 2012 07:21:03 -0800 (PST)
Received: by 10.216.136.200 with SMTP id w50mr3911040wei.2.1328973662465;
    Sat, 11 Feb 2012 07:21:02 -0800 (PST)
Return-Path: <return_smverp_.16817231.1414343.DATABASEID.1445403.830562067.108483._smverp_.me=mydomain.co.uk@ab.mm.ticketmaster.com>
Received: from web1.myprovider.co.uk (ns0.myprovider.co.uk. [193.189.75.xxx])
    by mx.google.com with ESMTPS id z8si6378700wec.53.2012.02.11.07.21.02
    (version=TLSv1/SSLv3 cipher=OTHER);
    Sat, 11 Feb 2012 07:21:02 -0800 (PST)
Received-SPF: fail (google.com: domain of return_smverp_.16817231.1414343.DATABASEID.1445403.830562067.108483._smverp_.me=mydomain.co.uk@ab.mm.ticketmaster.com does not designate 193.189.75.xxx as permitted sender) client-ip=193.189.75.xxx;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of return_smverp_.16817231.1414343.DATABASEID.1445403.830562067.108483._smverp_.me=mydomain.co.uk@ab.mm.ticketmaster.com does not designate 193.189.75.xxx as permitted sender) smtp.mail=return_smverp_.16817231.1414343.DATABASEID.1445403.830562067.108483._smverp_.me=mydomain.co.uk@ab.mm.ticketmaster.com
Received: from sms1-els203-80.mm.ticketmaster.com ([209.104.36.80])
    by web1.myprovider.co.uk with esmtp (Exim 4.69)
    (envelope-from <return_smverp_.16817231.1414343.DATABASEID.1445403.830562067.108483._smverp_.me=mydomain.co.uk@ab.mm.ticketmaster.com>)
    id 1RwEkx-0006uR-GT
    for me@mydomain.co.uk; Sat, 11 Feb 2012 15:20:59 +0000
Received: from sms2.mm.els203.clisys.tmcs ([10.75.20.210])
    by sms1-els203-80.mm.ticketmaster.com (-); Sat, 11 Feb 2012 07:20:48 -0800
X-VirtualServer: Default, sms1-els203-80.mm.ticketmaster.com, 10.75.20.210
X-VirtualServerGroup: Default
X-MailingID: 16817231::1414343::DATABASEID::1445403::830562067::108483
X-SMHeaderMap: mid="X-MailingID"
X-Destination-ID: me@mydomain.co.uk
X-SMFBL: ZGFyeWxAaW1hZ2luYXJ5bnVtYmVyLmNvLnVr
Content-Transfer-Encoding: 7bit
Content-Type: multipart/alternative;
    boundary="----=_NextPart_20E_319A_07D69C25.6F65301D"
MIME-Version: 1.0
Message-ID: <16817231.108483@TICKETWEB.CO.UK>
Subject: =?UTF-8?B?QWN0aW9uIFJlcXVpcmVkIDogVXBkYXRlIFlvdXIgUERGIEFwcGxpY2F0aW9u?=
Date: Sat, 11 Feb 2012 07:20:48 -0800
To: me@mydomain.co.uk
From: "=?UTF-8?B?QWRvYmUgQWNyb2JhdCBSZWFkZXI=?=" <MAILINGS@TICKETWEB.CO.UK>
X-Spam-Status: No, score=-1.9
X-Spam-Score: -18
X-Spam-Bar: -
X-Ham-Report: Spam detection software, running on the system "web1.myprovider.co.uk", has
    identified this incoming email as possible spam. The original message
    has been attached to this so you can view it (if it isn't spam) or label
    similar future email. If you have any questions, see
    the administrator of that system for details.
    Content preview: INTRODUCING UPGRADED ADOBE ACROBAT READER 2012 Since the Holidays
    are in full swing and the New Year is approaching, we've decided to unveil
    our latest Adobe PDF Reader/Writer 2012 Version http://smr.mm.ticketmaster.com/track?type=click&en...
    [...]
    Content analysis details: (-1.9 points, 5.0 required)
     pts rule name              description
    ---- ---------------------- --------------------------------------------------
    -2.3 RCVD_IN_DNSWL_MED      RBL: Sender listed at http://www.dnswl.org/, medium
                                trust
                                [209.104.36.80 listed in list.dnswl.org]
     1.7 URIBL_DBL_SPAM         Contains an URL listed in the DBL blocklist
                                [URIs: 2012-acrobat-adobe-download.com]
    -0.0 SPF_PASS               SPF: sender matches SPF record
    -1.8 RP_MATCHES_RCVD        Envelope sender domain matches handover relay domain
    -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                                [score: 0.0000]
     0.0 HTML_MESSAGE           BODY: HTML included in message
     1.0 FROM_EXCESS_BASE64     From: base64 encoded unnecessarily
     1.4 AWL                    AWL: From: address is in the auto white-list
X-Spam-Flag: NO
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - web1.myprovider.co.uk
X-AntiAbuse: Original Domain - mydomain.co.uk
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - ab.mm.tick

Update:

I agree Tony

It is worrying that they don't even know what will happen if one clicks on the hyperlinks in the email body- which are on their own servers.

Points to you for being the first to reply, tnx

Update 3:

Thanks Lell

I too got that email.

Update 4:

Thanks Miah

The fact that the email wished me a happy Christmas was a bit of a giveaway...

3 Answers

  • Anonymous
    9 years ago
    Favorite Answer

    Yes. Someone has at least their list of registered emails (spam is being received to unique email addresses) and the power to send spam emails from the ticketmaster servers right now - and who knows what else they have.

    Ticketmaster are currently pretending nothing has happened, which is worrying as it opens the possibility that they don't have enough auditing on their servers to actually *know*.

    Source(s): Various mailing lists.. www.twitter.com/ticketmaster is either amusing or tragic depending on your point of view.
  • 9 years ago

    I also got a dodgy "Adobe update" email but have just received the following email from Ticketweb.co.uk ...

    " Urgent Alert: Please Read this Important Message from TicketWeb

    Dear TicketWeb Customer,

    We have discovered that our TicketWeb UK direct email marketing system was exposed to unauthorised access. As a result, you may have received up to four emails on Saturday, February the 11th, from an unauthorised party with the subject as "Action Required: Update Your PDF Application" and containing a link to update an Adobe Acrobat PDF application. Please do not click this link, but delete the email.

    We have taken immediate action to close the vulnerability. You can rest assured that none of your credit card information was vulnerable during this attack.

    We sincerely regret any inconvenience this has caused. We are continuing to investigate this unauthorised access, and will send you a follow-up email when we have additional information.

    Please contact www.ticketweb.co.uk/helpdesk with any questions you may have. Thank you for your understanding as we continue to resolve this concern. "

    Ticketmaster own Ticketweb so hope this helps,

    Lesley

  • Miha L
    Lv 7
    9 years ago

    Email trackers show that it comes really from ticketmaster:

    http://www.ip-address.org/tracker/trace-email.php

    http://www.ipaddresslocation.org/email-tracking/em...

    http://www.find-ip-address.org/email-search/find-e...

    ------------------------------------------------------------------------------

    IP Address: 209.104.36.80

    Hostname: sms1-els203-80.mm.ticketmaster.com

    IP Address Country: United States

    IP Continent: North America

    IP Address City Location: Los Angeles

    IP Address Region: California

    IP Address Latitude: 34.0416,

    IP Address Longtitude: -118.2988

    Organization: Ticketmaster Online - CitySearch

    ISP: Ticketmaster Online - CitySearch

    ----------------------------------------------

    Simply ignore it.
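
Added example (not part of any of the posts above): reading the Received chain from the question's headers oldest-first shows where the message left the sender's network and which hop Google's SPF verdict was computed against. The header block is a trimmed copy of the one quoted in the question; the function names are hypothetical.

```python
import re
from email import message_from_string

# Trimmed copy of the headers quoted in the question, with folding restored.
RAW = """\
Received: from web1.myprovider.co.uk (ns0.myprovider.co.uk. [193.189.75.xxx])
    by mx.google.com with ESMTPS id z8si6378700wec.53.2012.02.11.07.21.02
    (version=TLSv1/SSLv3 cipher=OTHER);
    Sat, 11 Feb 2012 07:21:02 -0800 (PST)
Received-SPF: fail (trimmed) client-ip=193.189.75.xxx;
Received: from sms1-els203-80.mm.ticketmaster.com ([209.104.36.80])
    by web1.myprovider.co.uk with esmtp (Exim 4.69)
    id 1RwEkx-0006uR-GT
    for me@mydomain.co.uk; Sat, 11 Feb 2012 15:20:59 +0000
Received: from sms2.mm.els203.clisys.tmcs ([10.75.20.210])
    by sms1-els203-80.mm.ticketmaster.com (-); Sat, 11 Feb 2012 07:20:48 -0800
From: <MAILINGS@TICKETWEB.CO.UK>

"""

# "from HOST (optional-rdns [IP]) by HOST"; hops without a "from" part are skipped.
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([^\]]+)\]\)\s+by\s+(\S+)")
# RFC 1918 prefixes, matched as text because the page masks part of one address.
PRIVATE = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")

def hops(raw):
    """Return (from_host, from_ip, by_host) per Received line, oldest first."""
    received = message_from_string(raw).get_all("Received", [])
    found = (HOP.search(value) for value in reversed(received))
    return [m.groups() for m in found if m]

def origin(raw):
    """Oldest hop with a public sending IP: where the mail left its source network."""
    return next((h for h in hops(raw) if not PRIVATE.match(h[1])), None)

def spf_checked_hop(raw):
    """The hop whose sending IP the Received-SPF verdict was computed against."""
    spf = message_from_string(raw).get("Received-SPF", "")
    m = re.search(r"client-ip=([^;\s]+)", spf)
    return next((h for h in hops(raw) if m and h[1] == m.group(1)), None)

if __name__ == "__main__":
    print("left sender network at:", origin(RAW))
    print("SPF evaluated against: ", spf_checked_hop(RAW))
```

Google's SPF fail was measured against the forwarding server (193.189.75.xxx), while the hop recorded by the asker's own provider shows 209.104.36.80 handing the message over, which is the hop SpamAssassin scored as SPF_PASS. Only the Received line written by a server you trust is reliable; anything beneath it is supplied by the sending side.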
