A hacker has posted customer data, allegedly stolen from Australian live events and ticketing company TEG, on a well-known hacking forum.
According to Tech Crunch’s report, the hacker claimed to possess information on 30 million users, including full names, genders, dates of birth, usernames, hashed passwords, and email addresses, and offered the data for sale.
In late May, TEG-owned ticketing service Ticketek reported a data breach affecting Australian customers. The compromised data was stored on a cloud-based platform managed by a global third-party provider.
Ticketek assured customers that account passwords were secure due to encryption methods. However, the company admitted that customer names, dates of birth, and email addresses might have been exposed, matching the information the hacker claimed to have.
“Since our third-party supplier brought this to our attention … we have worked diligently to put every resource into completing an investigation so that we can communicate with customers who may have been impacted, and other stakeholders, as quickly as possible,” it said. “Our priority … is to best protect our customers, people, and all others who have entrusted us with their information. As such, we have already commenced notifying those customers who may have been impacted. We apologise for any concern that this news may cause – we will provide further updates as more information becomes available.”
The hacker included a sample of the stolen data in their forum post. Tech Crunch confirmed the legitimacy of some data by attempting to create new accounts using the posted email addresses. In several instances, Ticketek’s system indicated the email addresses were already registered.
According to its website, Ticketek handles the sale of over 23 million tickets annually for more than 20,000 events.
While Ticketek did not disclose the name of the third-party cloud service provider, Tech Crunch noted indications that Snowflake might be involved. Snowflake has been connected to a recent string of data theft incidents affecting several clients.
A now-removed post from Snowflake’s website in January 2023, titled “TEG Personalises Live Entertainment Experiences with Snowflake,” and a 2022 case study by consulting firm Altis, which described building a data platform for TEG using Snowflake, suggest a connection.
According to Tech Crunch, Snowflake spokesperson Danica Stanczak referred to a public statement by the company’s chief information security officer Brad Jones, who said there was no evidence that the breach was caused by a vulnerability or misconfiguration in Snowflake’s platform.
Ticket sales giant Ticketmaster also recently reported a breach, with hacker group ShinyHunters claiming to have stolen personal data of 560 million customers globally.