Hacker claims to have 30 million customer records from Australian ticket seller giant TEG

A hacker is promoting buyer knowledge allegedly stolen from the Australia-based dwell occasions and ticketing firm TEG on a well known hacking discussion board.

On Thursday, a hacker put up on the market the alleged stolen knowledge from TEG, claiming to have data of 30 million customers, together with the total identify, gender, date of beginning, username, hashed passwords and e-mail addresses. 

In late Might, TEG-owned ticketing firm Ticketek disclosed a data breach affecting Australian clients’ knowledge, “which is saved in a cloud-based platform, hosted by a good, international third social gathering provider.” 

The corporate mentioned that “no Ticketek buyer account has been compromised,” due to the encryption strategies used to retailer their passwords. TEG conceded, nonetheless, that “buyer names, dates of beginning and e-mail addresses could have been impacted” — knowledge that will line up with that marketed on the hacking discussion board. 

The hacker included a pattern of the alleged stolen knowledge of their put up. TechCrunch confirmed that at the least a few of the knowledge printed on the discussion board seems legit by making an attempt to enroll in new accounts utilizing the printed e-mail addresses. In a variety of instances, Ticketek’s web site gave an error, suggesting the e-mail addresses are already in use.  

When reached by e-mail, a spokesperson for TEG didn’t remark by press time. 

On its official website, Ticketek says the corporate “sells over 23 million tickets to greater than 20,000 occasions every year.” 

Whereas Ticketek didn’t identify the “cloud-based platform, hosted by a good, international third social gathering provider,” there’s proof that implies it may very well be Snowflake, which has been at the center of a recent series of data thefts affecting a number of of its clients, together with Ticketmaster, Santander Bank and others. 

A now-deleted post on Snowflake’s website from January 2023 was titled: “TEG Personalises Stay Leisure Experiences with Snowflake.” In 2022, consulting firm Altis published a case study detailing how the corporate, working with TEG, “constructed a contemporary knowledge platform for ingesting streaming knowledge into Snowflake.” 

When reached for touch upon the Ticketek breach, Snowflake spokesperson Danica Stanczak didn’t reply our particular questions, and as a substitute referred to the corporate’s public assertion. In it, Snowflake chief data safety officer Brad Jones mentioned that the corporate has not “recognized proof suggesting this exercise was brought on by a vulnerability, misconfiguration, or breach of Snowflake’s platform.”

Snowflake’s spokesperson declined to verify or deny whether or not TEG or Ticketek is a Snowflake buyer. 

Snowflake offers corporations everywhere in the world with providers that assist its clients retailer knowledge within the cloud. Cybersecurity agency Mandiant, owned by Google, mentioned earlier this month that cybercriminals have stolen a “significant volume of data” from several Snowflake customers. Mandiant is working with Snowflake to research the information breach, and disclosed in a weblog put up that the 2 corporations have notified round 165 Snowflake clients. 

Snowflake has blamed the hacking marketing campaign on its clients for not utilizing multi-factor authentication, which allowed hackers to make use of passwords “beforehand bought or obtained by means of infostealing malware.”