Hacker Claims Theft of 30M TEG Customer Records

A hacker using the alias “Sp1d3r” has claimed to have breached Ticketek Entertainment Group (TEG), compromising the personal data of approximately 30 million users. The stolen data has allegedly been posted for sale on the notorious BreachForums with an asking price of $30,000.

The hacker claims the breached database contains sensitive information such as full names, genders, business details, dates of birth, usernames, and hashed passwords. This assertion follows an earlier disclosure of a data breach by TEG on May 31, acknowledging a data breach that potentially exposed customer names, dates of birth, and email addresses. While TEG initially stated that no user accounts or payment information were compromised, they have yet to confirm or deny the hacker’s latest claims.

TEG is a prominent Australian ticketing and live entertainment company with a user base of around 30 million. The company’s platforms, including Ticketek, Eventopia, and Softix, serve millions of customers annually. Despite the potential scope of the breach, TEG has not provided specific details about the incident or the cloud service involved.

Evidence suggests a potential link to the Snowflake data theft campaign, which has impacted numerous organizations. The Snowflake campaign involved the exploitation of credentials obtained through infostealer malware, which were then used to target accounts with poor password hygiene. This campaign has been responsible for breaches in several major organizations, including Ticketmaster, Santander Bank, and others.

Cybersecurity firm Mandiant, owned by Google, has been investigating the broader impact of the Snowflake breaches, which affected approximately 165 organizations in total. The firm highlighted that many of the compromised credentials had been vulnerable for over four years.

Users affected by the TEG breach are advised to monitor their financial accounts, change passwords, and remain vigilant against phishing attempts.