A hacker is promoting buyer knowledge allegedly stolen from Australia-based reside occasions and ticketing firm TEG, on a widely known hacking discussion board.
On Thursday, a hacker put up on the market knowledge allegedly stolen from TEG, claiming to have data on 30 million customers, together with full identify, gender, date of delivery, username, hashed passwords and e mail addresses.
In late Could, TEG-owned ticket firm Ticketek Revealed a data breach Which impacts Australian prospects’ knowledge, “which is saved in a cloud platform, hosted by a good international third-party provider.”
The corporate mentioned that “no Ticketek buyer accounts had been compromised,” due to the encryption strategies used to retailer their passwords. Nonetheless, TEG acknowledged that “buyer names, dates of delivery, and e mail addresses could have been affected” — knowledge that will be consistent with that introduced on the hacking discussion board.
The hacker included a pattern of the allegedly stolen knowledge in his put up. TechCrunch has confirmed that at the very least a number of the knowledge posted on the discussion board gave the impression to be professional by trying to enroll in new accounts utilizing the e-mail addresses posted. In quite a few circumstances, the Ticketek web site gave an error, indicating that e mail addresses had been already in use.
When contacted through e mail, a TEG spokesperson had no remark at press time.
Ticketek says on its official web site that the corporate “sells greater than 23 million tickets to greater than 20,000 occasions annually.”
Whereas Ticketek didn’t identify the “cloud platform, hosted by a good international third-party vendor,” there may be proof to recommend it may very well be Snowflake, which has been on the middle of a current spate of information thefts which have affected a number of of its firms. Shoppers, together with Ticketmaster, Santander Financial institution and others.
Now deleted post on Snowflake’s website From January 2023 titled: “TEG Personalizes Reside Leisure Experiences with Snowflake”. In 2022, consulting agency Altis Case study published It particulars how the corporate, in collaboration with TEG, “created a contemporary knowledge platform to ingest streaming knowledge into Snowflake.”
name us
Do you’ve got extra details about this incident or different Snowflake-related breaches? From a non-work system, you may contact Lorenzo Franceschi-Bicchierai securely on Sign at +1 917 257 1382, or through Telegram, Keybase, Wire @lorenzofb or e mail. You may also contact TechCrunch through SecureDrop.
When reached for touch upon the Ticketek breach, Snowflake spokeswoman Danica Stanczak didn’t reply our particular questions, as a substitute referring to the corporate’s normal assertion. Brad Jones, Snowflake’s chief data safety officer, mentioned the corporate “has not recognized proof that this exercise was because of a safety vulnerability, misconfiguration, or hacking of the Snowflake platform.”
A Snowflake spokesperson declined to verify or deny whether or not TEG or Ticketek are Snowflake prospects.
Snowflake gives firms around the globe with companies that assist their prospects retailer knowledge within the cloud. Cybersecurity agency Mandiant, which is owned by Google, mentioned earlier this month that cybercriminals stole a “vital quantity of information” from a number of Snowflake prospects. Mandiant is working with Snowflake to research the information breach, and revealed in a weblog put up that the 2 firms have notified about 165 Snowflake prospects.
Snowflake blamed the hacking marketing campaign on its prospects for not utilizing multi-factor authentication, which allowed hackers to make use of passwords “beforehand bought or obtained by means of malware to steal data.”
