Cyber Security

Hacker Claims Access to 30 Million Customer Records from Australian Ticketing Giant TEG

21 June 2024

Paikan Begzad

Summary

A hacker has announced, on a popular hacking forum, the sale of customer data allegedly stolen from TEG, an Australia-based live events and ticketing company.

On Thursday, the hacker claimed to have obtained information on 30 million users, including full names, gender, dates of birth, usernames, hashed passwords, and email addresses.

In late May, TEG-owned Ticketek reported a data breach impacting Australian customers’ data stored on a cloud-based platform hosted by a reputable global third-party supplier. The company gave assurances that no Ticketek customer accounts were compromised, citing robust encryption of passwords. However, it acknowledged that customer names, dates of birth, and email addresses might have been affected, which aligns with the data advertised by the hacker.

The hacker provided a sample of the alleged stolen data, which TechCrunch verified by attempting to register new accounts with the listed email addresses. In several instances, Ticketek’s website indicated the emails were already in use, suggesting the data's legitimacy.

A TEG spokesperson did not respond to a request for comment.

Ticketek’s website states the company sells over 23 million tickets for more than 20,000 events annually. While the company did not disclose the cloud-based platform involved, evidence points to Snowflake, which has recently been linked to multiple data theft incidents affecting several of its clients, including Ticketmaster and Santander Bank.

A now-deleted post on Snowflake’s website from January 2023 discussed TEG's use of Snowflake to personalize live entertainment experiences. Additionally, a 2022 case study by consulting company Altis detailed their collaboration with TEG to build a modern data platform for streaming data into Snowflake.

Snowflake, which helps companies globally store data in the cloud, has been dealing with a significant data breach. Cybersecurity firm Mandiant, owned by Google, recently reported that cybercriminals have stolen substantial data from several Snowflake customers. Mandiant and Snowflake have notified around 165 affected customers and attributed the breaches to customers’ failure to implement multi-factor authentication, which allowed hackers to exploit passwords obtained through info-stealing malware.