Hacker Advertises Allegedly Stolen Customer Data from Australian Ticketing Company TEG

Hacker Advertises Stolen Customer Data from TEG on Hacking Forum

A recent data breach has put Australia-based live events and ticketing company TEG in the spotlight. A hacker has taken to a well-known hacking forum to advertise customer data allegedly stolen from TEG. The hacker claims to have information on 30 million users, including their full names, genders, dates of birth, usernames, hashed passwords, and email addresses.

TEG-owned ticketing company Ticketek had previously disclosed a data breach in late May that impacted Australian customers’ data. The company stated that the breach occurred in a cloud-based platform hosted by a reputable global third-party supplier. Ticketek assured customers that no customer accounts had been compromised thanks to encryption methods used to store passwords. However, they admitted that customer names, dates of birth, and email addresses may have been impacted, which aligns with the data being advertised on the hacking forum.

TechCrunch has confirmed the legitimacy of at least some of the published data by attempting to sign up for new accounts using the published email addresses. In several instances, Ticketek’s website displayed an error message, indicating that the email addresses were already in use.

When contacted for comment, a spokesperson for TEG did not respond by press time. Ticketek’s official site states that the company sells over 23 million tickets to more than 20,000 events each year.

While Ticketek did not explicitly name the cloud-based platform where the breach occurred, evidence suggests it could be Snowflake. Snowflake has been at the center of several recent data thefts affecting its customers, including Ticketmaster and Santander Bank. A now-deleted post on Snowflake’s website from January 2023 mentioned TEG and their collaboration on personalizing live entertainment experiences with Snowflake. Additionally, consulting company Altis published a case study in 2022 detailing how they worked with TEG to build a data platform using Snowflake to ingest streaming data.

When asked for comment on the Ticketek breach, Snowflake spokesperson Danica Stanczak did not address specific questions and referred to the company’s public statement. In the statement, Snowflake’s chief information security officer, Brad Jones, stated that there was no evidence suggesting the breach was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform.

Snowflake’s spokesperson declined to confirm or deny whether TEG or Ticketek is a Snowflake customer. Snowflake provides data storage services in the cloud to companies worldwide. Cybersecurity firm Mandiant, owned by Google, recently reported that cybercriminals have stolen a significant volume of data from several Snowflake customers. Mandiant is collaborating with Snowflake to investigate the data breach and has notified approximately 165 Snowflake customers.

Snowflake has attributed the hacking campaign to its customers’ failure to use multi-factor authentication, which allowed hackers to exploit passwords acquired through infostealing malware or previously purchased on the dark web.