Rulings explained to businesses
with guides, checklists, templates; AI assisted
Observatory edited by Dr. V. Spataro



   chatbot 2023-04-07 · Doc 96626

ICO - Chatbot with malicious code tracking all activity

abstract:



The script also monitored every key pressed outside the conversation, by means of a script that was modified over time.


Link: https://ico.org.uk/media/action-weve-taken/2618609












text:


3.38.1 Ticketmaster explained the operation of the chat bot as follows:

3. Inbenta Technologies provided Ticketmaster with a number of services, including a chatbox service (the "Inbenta Chatbot").

The Inbenta Chatbot provided a customer service interface with Ticketmaster's customers on certain Ticketmaster platforms. The Inbenta Chatbot was active on some international Ticketmaster pages by default, so the user did not need to engage with the Inbenta Chatbot for it to be operational.

In summary, the Inbenta Malicious Code was present in the Inbenta Chatbot in certain, but not all instances, where the Inbenta Chatbot was operational. Based on the information available to Ticketmaster it appears that the Inbenta Malicious Code was capable of capturing any data input by user into Ticketmaster websites where the Inbenta Malicious Code was operational. Accordingly we assess that the Inbenta Malicious Code was capable of capturing customers' personal data, including name, address, email address, full credit card number, CVV, and Ticketmaster username and password, and sending them to the attacker ..."

3.38.2 Ticketmaster stated that, as of 13 July 2018, approximately 500 complaints had been received by it.

3.38.3 Further, Ticketmaster stated: "As part of Ticketmaster's GDPR readiness programme, Ticketmaster invested £2.5 million on an internal privacy portal to deal with data subject rights issues, including complaints."

---

3.41 By a letter dated 29 November 2018, the Commissioner requested further information from Ticketmaster. By a letter dated 7 December 2018, Ticketmaster provided further information in response to the Commissioner's letter dated 29 November 2018. The information so provided included information concerning the chat bot provided by Inbenta. Ticketmaster stated:

"The chatbot provided by Inbenta Technologies ("Inbenta") and deployed on certain Ticketmaster webpages was a customer support tool that enabled customers to quickly and easily obtain "self-service" customer support. The chatbot was deployed on payment and checkout pages, consistent with industry practice, not to collect cardholder data, but to instead allow customer's access to quick customer service support at critical junctures within the payment purchase process. It was not intended to and did not in fact store, process or transmit cardholder data subject to the Payment Card Information Data Security Standard ("PCI-DSS"). Against this background, Ticketmaster did not query with Inbenta whether PCI-DSS would be applied in respect of the chatbot, instead, Ticketmaster sought to assure itself that the chatbot would not itself process or transmit payment card data ... Relying on Inbenta's attestations as to the operation of the chatbot, and also the parties' mutual understanding of the chatbot's purpose and functionality, Ticketmaster reasonably did not require the Inbenta chatbot to maintain compliance with PCI-DSS. The tactics of the criminal actors who infected the Inbenta chatbot with malicious code so as to facilitate their own independent collection of cardholder data directly from customers were unusual and innovative, and could not have been reasonably anticipated."

3.42 By a letter dated 18 December 2018, the Commissioner requested further information from Ticketmaster. By a letter dated 21 January 2019, Ticketmaster provided further information in response to the Commissioner's letter dated 18 December 2018. Ticketmaster stated: "When companies like Ticketmaster contract with third parties to provide third-party software, the contracting company rarely has visibility into the changes made to third-party scripts served from the TPV's [i.e. third party vendor] own servers."


Link: https://ico.org.uk/media/action-weve-taken/2618609
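
The excerpt describes a third-party chatbot script that ran by default on payment pages and could change on the vendor's servers without the site seeing it. The following added example (not part of the ICO notice or of either company's code) audits a page's markup for third-party scripts loaded without Subresource Integrity; the host names, the sample page and the integrity value are constructed.

```javascript
// Added example: list the third-party scripts a checkout page loads without
// a Subresource Integrity (SRI) pin. Hosts and sample page are constructed.
const FIRST_PARTY_HOSTS = new Set(['shop.example']); // assumption: the site's own host

// Parse the attributes of one <script ...> opening tag into an object.
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<script\b/i, '').replace(/>$/, '');
  const re = /([a-zA-Z-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Return one finding per external script referenced by the page.
function auditScripts(html, pageUrl) {
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const attrs = parseAttributes(tag);
    if (!attrs.src) continue; // inline scripts are out of scope here
    const url = new URL(attrs.src, pageUrl);
    const thirdParty = !FIRST_PARTY_HOSTS.has(url.hostname);
    const hasSri = /^sha(256|384|512)-[A-Za-z0-9+/=]+/.test(attrs.integrity || '');
    // Without SRI, whatever the vendor's server returns is what runs on the page.
    findings.push({ src: url.href, thirdParty, hasSri, unpinned: thirdParty && !hasSri });
  }
  return findings;
}

function unpinnedThirdPartyScripts(html, pageUrl) {
  return auditScripts(html, pageUrl).filter((f) => f.unpinned).map((f) => f.src);
}

// Constructed sample: a payment page with one local script, one pinned
// library and one chat widget loaded straight from the vendor's host.
// The integrity value is a placeholder, not a real digest.
const SAMPLE_CHECKOUT_PAGE = `
<form id="payment"><input name="card-number"><input name="cvv"></form>
<script src="/static/checkout.js"></script>
<script src="https://cdn.vendor-a.example/lib-1.2.3.min.js"
        integrity="sha384-Q29uc3RydWN0ZWRQbGFjZWhvbGRlcg==" crossorigin="anonymous"></script>
<script async src="https://chat.vendor-b.example/chatbot.js"></script>`;

console.log(unpinnedThirdPartyScripts(SAMPLE_CHECKOUT_PAGE, 'https://shop.example/checkout'));
```

Subresource Integrity only helps where the vendor serves a version-pinned file; for a script the vendor updates in place, the page owner has to choose between pinning a reviewed copy and keeping such scripts off pages that collect card data.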

Text dated 2023-04-07



