
A hacker is advertising customer data he allegedly stole from Australia-based live events and ticketing company TEG on a popular hacking forum.
On Thursday, hackers sold data stolen from TEG, claiming to have information on 30 million users, including names, genders, dates of birth, usernames, hashed passwords and email addresses.
In late May, TEG-owned ticketing company Ticketek disclosed a data breach affecting the data of Australian customers. This data is “stored on a cloud-based platform hosted by a reputable global third-party vendor.”
The company said that “no Ticketek customer accounts were compromised” thanks to the encryption method used to store passwords. However, TEG acknowledged that “customer names, dates of birth and email addresses may have been affected.” This data is consistent with data advertised on hacking forums.
The hackers included samples of the allegedly stolen data in their posts. TechCrunch confirmed that at least some of the data posted on the forum was legitimate by attempting to sign up for new accounts using the email addresses posted. In many cases, Ticketek's website returned an error indicating that the email address was already in use.
When contacted by email, a TEG spokesperson had no comment by press time.
Ticketek says on its official site that it “sells more than 23 million tickets to over 20,000 events every year.”
Ticketek did not name the “cloud-based platform hosted by a reputable global third-party vendor,” but there is evidence to suggest it may be Snowflake, which has recently been at the center of a series of data thefts affecting multiple customers, including Ticketmaster, Santander Bank and more.
A post, which has been removed from the Snowflake website since January 2023, was titled “TEG Personalizes Live Entertainment Experiences with Snowflake.” In 2022, consulting firm Altis published a case study detailing how the company worked with TEG to “build a modern data platform for ingesting streaming data into Snowflake.”
When asked for comment on the Ticketek breach, Snowflake spokeswoman Danica Stanczak did not respond to our specific questions, instead referring us to the company's public statements. “We have not identified any evidence to suggest that this activity was caused by a vulnerability, misconfiguration, or breach of the Snowflake platform,” said Brad Jones, Snowflake’s chief information security officer.
A Snowflake spokesperson declined to confirm or deny whether TEG or Ticketek were Snowflake customers.
Snowflake provides businesses around the world with services that help customers store their data in the cloud. Cybersecurity company Mandiant, owned by Google, said earlier this month that cybercriminals had stolen “significant amounts of data” from several Snowflake customers. Mandiant is working with Snowflake to investigate the data breach and said in a blog post that the two companies have notified approximately 165 Snowflake customers.
Snowflake blamed the hacking campaign on its customers for not using multi-factor authentication, which allowed hackers to use passwords “previously purchased or obtained through information-stealing malware.”








