Important Information about the Russian Password Breach

The recent Russian hacker database of stolen online credentials was created via a well-known hacking technique known as SQL injection in which the hacker enters commands that cause a database to produce its contents. As part of our PA-DSS certification Tessitura is thoroughly tested by a third party to verify that we are not exposed to SQL injection, or any of the other OWASP Top 10 vulnerabilities. This is true for both currently supported Tessitura versions, V11 and V12. In addition, all hosted Tessitura products in the RAMP environment (this includes the TN Express Web, TN Social Ticketing and TN Mobile Plus hosted products) are scanned monthly and undergo annual deep penetration testing as part of RAMP’s PCI-DSS certification for protection against these types of attacks.

Tessitura recommends that any custom-built website or web application that accesses data using anything other than the Tessitura provided API methods should be vetted for vulnerability by the organization that built it.