Millions of users potentially hit by TEG ticket sales data breach

News
By
published

Australian ticketing giant allegedly suffers major cyber-incident

Cyber attack
Image Credit: Shutterstock (Image credit: No credit)

Millions of people could be at risk of phishing and social engineering, after a threat actor advertised a huge database of TEG customers on a popular hacking forum.

The unnamed hacker posted a new thread on an underground forum, offering to sell personally identifiable information (PII) on 30 million people, including people’s full names, genders, and birth dates. Furthermore, the database contained usernames and hashed passwords for the TEG account, as well as email addresses used to register those accounts. 

The publication is linking this database to a breach that happened at Ticketek (owned by TEG) roughly a month ago, and suspects that the incident might be connected to the Snowflake breaches that have been making headlines lately.

Ticketek is a major ticketing company providing ticketing services for sports, concerts, theater, and other entertainment events. It was founded in 1979 and operates mostly in Australia and New Zealand. It was acquired by TEG (formerly known as The Entertainment Group) in 2015. TEG is an integrated live entertainment, ticketing, and technology business that operates across Australia, New Zealand, and Asia.

Snowflake again?

In late May 2024, Ticketek reported on a data breach affecting Australian customers, saying the information was stored “in a cloud-based platform, hosted by a reputable, global third party supplier.” While, at the time, it said no customer accounts had been compromised, TEG added that “customer names, dates of birth and email addresses may have been impacted.” 

TEG is not yet commenting on the news. Snowflake chief information security officer Brad Jones said that the company has not “identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform.”

If the database turns out to be authentic, it will be the second such incident in as many months, after May’s Ticketmaster breach. In both incidents, the cause of the trouble could be Snowflake, since in both incidents, a cloud-based platform was involved.

In late May, known criminals ShinyHunters published a 1.3TB database of compromised customer data on the newly-reopened BreachForums dark web forum.

Via TechCrunch

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.