Hackers are advertising customer data they have allegedly stolen from Australia-based live events and ticketing company TEG on a popular hacking forum.
On Thursday, hackers put up for sale data they allegedly stole from TEG, claiming to have information on 30 million users, including names, genders, dates of birth, usernames, hashed passwords and email addresses.
In late May, TEG-owned ticket sales company Ticketek disclosed a data breach affecting Australian customer data, “which is stored on a cloud-based platform hosted by a trusted global third-party supplier.”
The company said that “no Ticketek customer accounts were compromised” due to the encryption method used to store passwords, but TEG acknowledged that “customer names, dates of birth and email addresses may have been affected,” which matches data advertised on hacking forums.
The hackers included samples of the allegedly stolen data in their posts. TechCrunch confirmed that at least some of the data published in the forums was legitimate by attempting to sign up for new accounts using the exposed email addresses. In many cases, Ticketek's website displayed an error suggesting the email address was already in use.
A TEG spokesperson declined to comment by email at the time of publication.
According to Ticketek's official website, the company “sells over 23 million tickets to over 20,000 events each year.”
Ticketek did not name the “cloud-based platform hosted by a reputable global third-party supplier,” but evidence suggests it may be Snowflake, which has been at the center of a series of recent data thefts that affected several customers, including Ticketmaster and Santander Bank.
A January 2023 post (now deleted) on Snowflake's website was headlined “TEG Personalizes Live Entertainment Experiences with Snowflake.” In 2022, consulting firm Altice published a case study detailing how the company worked with TEG to “build a modern data platform for ingesting streaming data into Snowflake.”
Contact Us: Do you have more information about this or any other Snowflake-related breaches? You can securely contact Lorenzo Franceschi-Bicchierai from a non-work device via Signal (+1 917 257 1382), Telegram, Keybase, Wire @lorenzofb, or email. You can also contact TechCrunch via SecureDrop.
Snowflake spokesperson Danica Stanczak, reached for comment on the Ticketek breach, did not answer specific questions and instead pointed to the company's public statement, in which Snowflake's chief information security officer Brad Jones said the company has “not seen any evidence to suggest that this activity was caused by a vulnerability, misconfiguration or compromise of the Snowflake platform.”
The Snowflake spokesperson would not confirm or deny whether TEG or Ticketek are Snowflake clients.
Snowflake provides a service to businesses around the world that allows customers to store data in the cloud. Google-owned cybersecurity firm Mandiant said earlier this month that cybercriminals had stolen “large amounts of data” from several Snowflake customers. Mandiant said in a blog post that it was working with Snowflake to investigate the data breach and that the two companies had notified about 165 Snowflake customers.
Snowflake blamed the hack on customers' failure to use multi-factor authentication, which allowed hackers to use passwords “previously purchased or obtained through information-stealing malware.”