A hacker is advertising customer data allegedly stolen from the Australia-based live events and ticketing company TEG on a well-known hacking forum.
On Thursday, a hacker put up for sale the alleged stolen data from TEG, claiming to have information of 30 million users, including the full name, gender, date of birth, username, hashed passwords, and email addresses.
In late May, TEG-owned ticketing company Ticketek disclosed a data breach affecting Australian customers’ data, “which is stored in a cloud-based platform, hosted by a reputable, global third party supplier.”
The company said that “no Ticketek customer account has been compromised,” thanks to the encryption methods used to store their passwords. TEG conceded, however, that “customer names, dates of birth and email addresses may have been impacted” — data that would line up with that advertised on the hacking forum.
The hacker included a sample of the alleged stolen data in their post. TechCrunch confirmed that at least some of the data published on the forum appears legitimate by attempting to sign up for new accounts using the published email addresses. In a number of cases, Ticketek’s website gave an error, suggesting the email addresses are already in use.
When reached by email, a spokesperson for TEG did not comment by press time.
On its official site, Ticketek says the company “sells over 23 million tickets to more than 20,000 events each year.”
While Ticketek did not name the “cloud-based platform, hosted by a reputable, global third party supplier,” there is evidence that suggests it could be Snowflake, which has been at the center of a recent series of data thefts affecting several of its customers, including Ticketmaster, Santander Bank, and others.
A now-deleted post on Snowflake’s website from January 2023 was titled: “TEG Personalises Live Entertainment Experiences with Snowflake.” In 2022, consulting company Altis published a case study detailing how the company, working with TEG, “built a modern data platform for ingesting streaming data into Snowflake.”
Contact Us
Do you have more information about this incident, or other breaches related to Snowflake? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.
When reached for comment on the Ticketek breach, Snowflake spokesperson Danica Stanczak did not answer our specific questions, and instead referred to the company’s public statement. In it, Snowflake chief information security officer Brad Jones said that the company has not “identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform.”
Snowflake’s spokesperson declined to confirm or deny whether TEG or Ticketek is a Snowflake customer.
Snowflake provides companies all over the world with services that help its customers store data in the cloud. Cybersecurity firm Mandiant, owned by Google, said earlier this month that cybercriminals have stolen a “significant volume of data” from several Snowflake customers. Mandiant is working with Snowflake to investigate the data breach, and disclosed in a blog post that the two companies have notified around 165 Snowflake customers.
Snowflake has blamed the hacking campaign on its customers for not using multi-factor authentication, which allowed hackers to use passwords “previously purchased or obtained through infostealing malware.”