Threat actors seeking to sell 30 million customer records allegedly stolen from TEG
June 23, 2024
Threat actors are selling customer data allegedly stolen from Australia-based live events and ticketing company TEG.
TEG (Ticketek Entertainment Group) is an Australian company operating in the live entertainment and ticketing industry. The company operates across multiple countries and sells over 30 million tickets annually to over 30,000 events, including live sport, concerts, theatre, festivals and exhibitions.
First reported by TechCruch Threat actors are reportedly selling data allegedly stolen from the company on popular hacking forums.
The threat actors claim to have obtained information from 30 million users, including names, usernames, gender, dates of birth, hashed passwords, and email addresses. The threat actors shared samples of the allegedly stolen data as proof of the hack.
End of May, Ticket Tech Disclosed A cyber incident affecting Ticketek Australia account holders’ information stored on a cloud platform managed by a reputable global third-party provider.
Ticketek did not disclose the name of the third-party service provider, but experts believe it could be Snowflake, whose data breach affected 165 customers, including Ticketmaster, Santander Bank, and possibly Cylance.
At the time, the company assured customers that all passwords were securely encrypted and that no customer accounts had been compromised. The company added that online payment information had not been compromised as it was processed on a different system that was not affected, and that Ticketek does not hold any customer identification documents. Having been notified by its third-party supplier, Ticketek is actively investigating and is working to promptly notify potentially affected customers and other parties.
TechCrunch has verified the authenticity of some of the data,
Snowflake has yet to comment on its alleged involvement in the TEG data breach.Follow us on Twitter: @Security Issues and Facebook and Mastodon
(Security Affair – Hacking, data breach)