Hacker claims to have 30 million customer records of Australian ticketing giant TEG
A hacker is advertising, on a well-known hacking forum, customer data allegedly stolen from Australian live events and ticketing company TEG.
On Thursday, the hacker put the allegedly stolen TEG data up for sale, claiming to have details about 30 million users, including name, gender, date of birth, username, encrypted passwords and email addresses.
At the top of May, Ticketek, a ticket-selling company owned by TEG, disclosed a data breach affecting Australian customer data “which is stored on a cloud-based platform hosted by a reputable, global third-party provider”.
The company stated that “no Ticketek customer accounts were compromised” thanks to the encryption methods used to store their passwords. However, TEG admitted that “customer names, dates of birth and email addresses may have been affected”, data that overlaps with what is advertised on the hacker forum.
The hacker included a sample of the allegedly stolen data in the post. TechCrunch confirmed that at least some of the information posted on the forum appears to be legitimate by attempting to create new accounts using the email addresses posted. In many cases, the Ticketek website displayed an error, suggesting that the email addresses were already taken.
A TEG spokesperson reached by email didn’t comment by press time.
On its official website, Ticketek states that the company “sells over 23 million tickets to over 20,000 events each year.”
While Ticketek didn’t name its “cloud-based platform hosted by a reputable, global third-party provider,” there’s evidence to suggest it could be Snowflake, the company linked to a recent spate of data thefts affecting several of its clients, including Ticketmaster, Santander Bank and others.
A now-deleted post on the Snowflake website from January 2023 was titled: “TEG Personalizes Live Entertainment Experiences with Snowflake.” In 2022, consulting company Altis published a case study detailing how the company, partnering with TEG, “built a modern data platform to accept streaming data into Snowflake.”
Contact Us
Do you have more details about this incident or other Snowflake-related breaches? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely via Signal on +1 917 257 1382, via Telegram, Keybase and Wire @lorenzofb or email. You can also contact TechCrunch via SecureDrop.
When asked to comment on the Ticketek breach, Snowflake spokeswoman Danica Stańczak didn’t respond to our specific questions and instead referred to the company’s public statement. Brad Jones, Snowflake’s chief information security officer, said in a press release that the company “has not identified evidence to suggest that this action was caused by a security vulnerability, misconfiguration or breach of the Snowflake platform.”
A Snowflake spokesman declined to confirm or deny whether TEG or Ticketek are Snowflake customers.
Snowflake provides companies around the globe with services that help their customers store data in the cloud. Google-owned cybersecurity firm Mandiant reported earlier this month that cybercriminals had stolen a “significant amount of data” from several Snowflake customers. Mandiant is working with Snowflake to investigate the data breach and revealed in a blog post that the two companies have notified roughly 165 Snowflake customers.
Snowflake blames the hacking campaign on its customers not using multi-factor authentication, which allowed hackers to use passwords “previously purchased or obtained through stolen information.”