Hacker claims to have obtained records of 30 million customers of Australian ticket selling giant TEG

A hacker has advertised customer data allegedly stolen from Australia-based live events and ticketing company TEG on a well-known hacking forum.

On Thursday a hacker put up for sale data allegedly stolen from TEG, claiming he had information on 30 million users, including full names, genders, dates of birth, usernames, hashed passwords and email addresses.

In late May, TEG-owned ticketing company Ticketek disclosed a data breach affecting Australian customer data “stored on a cloud-based platform hosted by a reputable, global third party supplier.”

The company said that “no customer accounts of Ticketek have been compromised”, due to the encryption methods used to store their passwords. However, TEG admitted that “customer names, dates of birth and email addresses may have been affected” – data that would be consistent with the data advertised on hacking forums.

The hacker included a sample of the allegedly stolen data in his post. TechCrunch confirmed that at least some of the data published on the forum appears to be legitimate by attempting to sign up for new accounts using the published email addresses. In many cases, Ticketek’s website returned an error indicating that the email addresses were already in use.

When contacted via email, a TEG spokesperson had not offered any comment by the time of going to press.

On its official site, Ticketek says the company “sells over 23 million tickets to more than 20,000 events each year.”

While Ticketek did not name the “cloud-based platform hosted by a reputable, global third party supplier,” there is evidence to suggest it may be Snowflake, which has recently been at the center of a series of data breaches affecting several of its customers, including Ticketmaster, Santander Bank and others.

A now-deleted post on Snowflake’s website from January 2023 was titled: “TEG personalizes live entertainment experiences with Snowflake.” In 2022, consulting company Altice published a case study detailing how the company worked with TEG to “build a modern data platform to incorporate streaming data into Snowflake.”

Contact

Do you have more information about this incident or other Snowflake-related breaches? From a non-work device, you can securely contact Lorenzo Franceschi-Bicchierai on Signal at +1 917 257 1382 or via Telegram, Keybase, and Wire @lorenzofb or via email. You can also contact TechCrunch via SecureDrop.

When contacted for comment on the Ticketek breach, Snowflake spokeswoman Danica Stanczak did not answer our specific questions, and instead referred to the company’s public statement. In it, Snowflake’s Chief Information Security Officer Brad Jones said the company “has not identified evidence that suggests this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform.”

A Snowflake spokesperson declined to confirm or deny whether TEG or Ticketek are Snowflake customers.

Snowflake provides services to companies around the world that help its customers store data in the cloud. Google-owned cybersecurity firm Mandiant said earlier this month that cybercriminals stole “a significant amount of data” from several of Snowflake’s customers. Mandiant is working with Snowflake to investigate the data breach, and revealed in a blog post that the two companies have notified about 165 Snowflake customers.

Snowflake has blamed the hacking campaign on its customers for not using multi-factor authentication, which allowed the hackers to use “passwords previously purchased or obtained through information-stealing malware.”
