Security Affairs
U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Threat actor attempts to sell 30 million customer records allegedly stolen from TEG

A threat actor is offering for sale customer data allegedly stolen from the Australia-based live events and ticketing company TEG. TEG (Ticketek Entertainment Group) is an Australian company that operates in the live entertainment and ticketing industry. The company operates across multiple countries and sells over 30 million tickets annually for more than 30,000 events, […]

Threat actor attempts to sell 30 million customer records allegedly stolen from TEG

A threat actor is offering for sale customer data allegedly stolen from the Australia-based live events and ticketing company TEG.

TEG (Ticketek Entertainment Group) is an Australian company that operates in the live entertainment and ticketing industry. The company operates across multiple countries and sells over 30 million tickets annually for more than 30,000 events, including live sports, concerts, theatre, festivals, and exhibitions.

TechCruch first reported that a threat actor is offering for sale data allegedly stolen from the company on a popular hacking forum.

The threat actor claims to have obtained information from 30 million users, including full name, username, gender, date of birth, hashed passwords, and email addresses. The threat actor shared a sample of the alleged stolen data as proof of the hack.

At the end of May, Ticketek disclosed a cyber incident affecting the information of Ticketek Australia account holders, which is stored on a cloud platform managed by a reputable global third-party provider.

Ticketek did not share the name of the third-party services provider, but experts believe it could be Snowflake. The data breach suffered by Snowflake impacted 165 customers, including TicketmasterSantander Bank and maybe Cylance.

At the time, the company assured that all passwords were securely encrypted and no customer accounts had been compromised. The company added that online payment information was not compromised as it is processed through a separate, unaffected system, and Ticketek does not hold customers’ identity documents. Upon being informed by the third-party supplier, Ticketek has been actively investigating and working to inform potentially impacted customers and other stakeholders promptly.

While TechCrunch verified the legitimacy of some data, Snowflake has yet to provide a comment on its alleged involvement in the TEG data breach.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, data breach)