Fans of Adele were shocked today when trying to book tickets to her upcoming tour after a possible security breach.
Customers buying tickets to Adele's new tour were shown other people's shopping baskets and bank details. The company Songkick denies any security breach. It has claimed no breach of security occurred and that its systems are secure. It has claimed the odd anomalies occurred because of the volume of people trying to buy tickets at once. Although on the website it is claimed that there is no evidence that credit card numbers or passwords were compromised but that customers should remain vigilant and check their statements.
However it is possible the website (code) may have been written insecurely. According to security commentator Graham Cluely, talking to the BBC, “the thing is this - if the website had been built properly in the first place it shouldn't have been possible for customers to see the details of other purchasers at all - regardless of whether the site was busy or not.”
In an email to SC, Paul Farrington, senior solution architect at Veracode commented: "It's very likely that a combination of code review and Automated Static Analysis would have uncovered this problem before Adele arrived back at the top of the charts. Testing automation can help assess sites in minutes, giving developers peace of mind before their software encounters the public. Adversaries will be watching for other sites that use the same underlying ticketing technology to see if this discovery facilitates further data leakage."
What appears to be a similar issue occurred with the Marks and Spencers site in October when shoppers were complaining they were seeing other customers payment details and shopping baskets. There may be a possible connection to both these cases as they seem like very similar errors in online transactions, with regards to the website showing other people details, but it has not yet been possible to confirm if the same approach had been used by both websites.
Some fans reported their experiences on Twitter, some encountering hour-long online queues, while purchasing the high-in-demand tickets for Adele's first tour since 2011.
Kiran Farmah, in Birmingham, tweeted, “I got through to buying tickets but it came up with someone else's screen with their card details & home address for SSE.”
“Got through, four tickets Glasgow, came up with two tickets for London and someone else's name/address,” said Michael Crow.