Hacker claims to have 30 million customer records from Australian ticket seller giant TEG

A hacker has advertised customer data allegedly stolen from the Australia-based live events and ticketing company TEG on a well-known hacking forum.

On Thursday, a hacker listed for sale the purportedly stolen data from TEG, claiming to possess information on 30 million users, including full names, genders, dates of birth, usernames, hashed passwords, and email addresses.

In late May, TEG-owned ticketing company Ticketek revealed a data breach affecting Australian customers’ data, which is stored in a cloud-based platform hosted by a reputable global third-party supplier.

The company stated that no Ticketek customer accounts had been compromised due to the encryption methods used to store their passwords. However, TEG acknowledged that customer names, dates of birth, and email addresses may have been impacted — data that aligns with what was advertised on the hacking forum.

The hacker shared a sample of the alleged stolen data in their post. DailyTech verified that some of the data published on the forum appears legitimate by attempting to create new accounts using the published email addresses. In several instances, Ticketek’s website displayed an error, indicating that the email addresses were already in use.

When contacted via email, a spokesperson for TEG did not provide a comment at the time of press.

On its official website, Ticketek states that the company sells over 23 million tickets to more than 20,000 events annually.

While Ticketek did not disclose the specific cloud-based platform hosted by a reputable global third-party supplier, there is evidence suggesting it could be Snowflake, which has been linked to a series of recent data thefts affecting various customers, including Ticketmaster, Santander Bank, and others.

A post on Snowflake’s website from January 2023 titled “TEG Personalises Live Entertainment Experiences with Snowflake” has since been deleted. In 2022, consulting company Altis published a case study outlining how they, in collaboration with TEG, developed a modern data platform for ingesting streaming data into Snowflake.

When asked for comment on the Ticketek breach, Snowflake spokesperson Danica Stanczak did not address specific questions and referred to the company’s public statement. Snowflake’s Chief Information Security Officer Brad Jones stated that there is no evidence indicating this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform.

Snowflake’s spokesperson declined to confirm or deny whether TEG or Ticketek is a Snowflake customer.

Snowflake offers services to companies worldwide to help store data in the cloud. Cybersecurity firm Mandiant, a Google-owned company, reported earlier this month that cybercriminals have stolen a significant amount of data from several Snowflake customers. Mandiant is collaborating with Snowflake to investigate the data breach and disclosed in a blog post that approximately 165 Snowflake customers have been notified.

Snowflake attributed the hacking campaign to its customers not utilizing multi-factor authentication, which allowed hackers to use passwords acquired through previous purchases or infostealing malware.