Threat actor attempts to sell 30 million customer records allegedly stolen from TEG

Pierluigi Paganini June 23, 2024

A threat actor is offering for sale customer data allegedly stolen from the Australia-based live events and ticketing company TEG.

TEG (Ticketek Entertainment Group) is an Australian company that operates in the live entertainment and ticketing industry. The company operates across multiple countries and sells over 30 million tickets annually for more than 30,000 events, including live sports, concerts, theatre, festivals, and exhibitions.

TechCruch first reported that a threat actor is offering for sale data allegedly stolen from the company on a popular hacking forum.

The threat actor claims to have obtained information from 30 million users, including full name, username, gender, date of birth, hashed passwords, and email addresses. The threat actor shared a sample of the alleged stolen data as proof of the hack.

At the end of May, Ticketek disclosed a cyber incident affecting the information of Ticketek Australia account holders, which is stored on a cloud platform managed by a reputable global third-party provider.

Ticketek did not share the name of the third-party services provider, but experts believe it could be Snowflake. The data breach suffered by Snowflake impacted 165 customers, including TicketmasterSantander Bank and maybe Cylance.

At the time, the company assured that all passwords were securely encrypted and no customer accounts had been compromised. The company added that online payment information was not compromised as it is processed through a separate, unaffected system, and Ticketek does not hold customers’ identity documents. Upon being informed by the third-party supplier, Ticketek has been actively investigating and working to inform potentially impacted customers and other stakeholders promptly.

While TechCrunch verified the legitimacy of some data, Snowflake has yet to provide a comment on its alleged involvement in the TEG data breach.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, data breach)

you might also like

leave a comment