Home 30M records stolen from ticketing company

30M records stolen from ticketing company

June 24th – In May, the Australian corporation known as Ticketek — which sells more than 23 million tickets to over 20,000 events each year — suffered through a data breach.

The data had been stored by a cloud-based supplier — possibly Snowflake. At the time of the breach, no customer accounts were compromised, according to Ticketek.

However, shortly thereafter, subsidiary TEG announced that customer names, dates of birth, email addresses and hashed passwords “may have been impacted.”

Data for sale on dark web

Now, those names, DOBs, email addresses and hashed passwords appear to be for sale on the dark web. According to experts who have tested “pockets” of data, the sampled data appears to be legitimate.

In theory, given the availability of email addresses and hashed passwords, attackers may attempt to crack the hashes, gaining unauthorized access to user accounts. This could result in further breaches or account takeovers.

Cloud misconfiguration

Snowflake’s Chief Information Security Officer has issued a public statement saying that there is nothing to suggest that the Ticketek data breach was caused by a vulnerability, misconfiguration of breach of Snowflake’s platform.

When reached for comment, a Snowflake spokesperson could not confirm whether or not Ticketek or its subsidiary TEG are on the company’s client roster.

Organizations impacted by the recent Snowflake campaign, which hit roughly 165 organizations that didn’t properly secure their accounts on the platform, typically hadn’t implemented multi-factor authentication and didn’t follow proper password protocols.

For more on this story, click here. Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.