A hacker is advertising customer data allegedly stolen from Australia-based live events and ticketing company TEG, on a well-known hacking forum.
On Thursday, a hacker put up for sale data allegedly stolen from TEG, claiming to have information on 30 million users, including full name, gender, date of birth, username, hashed passwords, and email addresses.
In late May, TEG-owned ticket company Ticketek detected a data breach that affects Australian customers’ data, “which is stored in a cloud platform, hosted by a reputable global third-party supplier.”
The company said that “no Ticketek customer accounts were compromised,” thanks to the encryption methods used to store their passwords. However, TEG acknowledged that “customer names, dates of birth, and email addresses may have been affected” — data that would be in line with that announced on the hacking forum.
The hacker included a sample of the allegedly stolen data in his post. TechCrunch has confirmed that at least some of the data posted on the forum appeared to be legitimate by attempting to sign up for new accounts using the email addresses posted. In a number of cases, the Ticketek website gave an error, indicating that email addresses were already in use.
When contacted via email, a TEG spokesperson had no comment at press time.
Ticketek says on its official website that the company “sells more than 23 million tickets to more than 20,000 events each year.”
While Ticketek did not name the “cloud platform, hosted by a reputable global third-party vendor,” there is evidence to suggest it may be Snowflake, which was at the heart of a recent spate of data thefts affecting many of its clients, including Ticketmaster, Santander Bank, and others.
A now-deleted post on Snowflake’s website from January 2023 was titled “TEG Personalizes Live Entertainment Experiences with Snowflake.” In 2022, consulting firm Altis published a case study detailing how the company, in collaboration with TEG, “created a modern data platform to ingest streaming data into Snowflake.”
Contact Us
Do you have more information about this incident or other Snowflake-related breaches? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, via Telegram, Keybase, Wire @lorenzofb, or e-mail. You can also contact TechCrunch via SecureDrop.
When reached for comment on the Ticketek breach, Snowflake spokeswoman Danica Stanczak did not answer our specific questions, instead referring to the company’s general statement. Brad Jones, Snowflake’s chief information security officer, said the company “has not identified evidence to suggest that this activity was due to a security vulnerability, misconfiguration, or hacking of the Snowflake platform.”
A Snowflake spokesperson declined to confirm or deny whether TEG or Ticketek are Snowflake customers.
Snowflake provides companies around the world with services that help their customers store data in the cloud. Cybersecurity firm Mandiant, which is owned by Google, said earlier this month that cybercriminals have stolen a “large amount of data” from several Snowflake customers. Mandiant is working with Snowflake to investigate the data breach, and revealed in a blog post that the two companies have notified about 165 Snowflake customers.
Snowflake blamed the hacking campaign on its customers for not using multi-factor authentication, which allowed hackers to use passwords “previously purchased or obtained through malware to steal information.”