Australian event ticketing company Ticketek has confirmed a data breach, affecting millions of users, linked to a third-party cloud-based platform. The breach, which occurred in May 2024, was disclosed after data appeared for sale on a popular hacking forum and was later connected to breaches of the Snowflake cloud storage service.
The breach has just been confirmed by Have I Been Pwned (HIBP), a data breach notification service. According to HIBP, the compromised data includes nearly 30 million rows of information, with 17.6 million unique email addresses. The exposed data also contains names, genders, dates of birth, salutations, and hashed passwords.
Ticketek, a leading ticketing service provider in Australia, facilitates ticket sales for various events, including concerts, sports, and theatre. The company has a substantial user base, underscoring the extensive impact of this breach.
The threat actor, identified as “Sp1d3r,” posted the stolen data for sale on June 20, 2024. The dataset includes not only personal identifiers such as names and email addresses but also usernames, business names, and hashed passwords. The asking price for this dataset is $30,000 USD, with contact details provided for potential buyers.
HIBP confirms Ticketek breach
Troy Hunt, the founder of HIBP, confirmed the breach on the social media platform X (formerly Twitter), mentioning that verification was made easier by the inclusion of his own personal information in the data. Hunt highlighted that the breached data had been extracted and shown to him by the sender, affirming the breach's authenticity.
In his posts, Hunt praised Ticketek for its prompt breach notifications, which he personally received shortly after the breach was discovered. However, he noted that not all users received the same timely communication, prompting further verification checks with Ticketek to ensure the data's accuracy.
Based on the analysis, the breached data encompasses 17,643,173 unique email addresses, along with hashed passwords, names, genders, and dates of birth.
Following the breach, numerous users, including those who had signed up with Ticketek as early as 2007, confirmed the accuracy of their compromised details. Some users, however, reported delayed notifications from Ticketek, receiving breach alerts through HIBP before any official communication from Ticketek.
For affected users and the general public, the following steps are recommended to mitigate the impact of the breach:
- Change passwords immediately for Ticketek accounts and any other accounts using the same or similar passwords, and use unique and long passwords for each account.
- Where possible, enable Multi-Factor Authentication (MFA) to add an additional layer of security.
- Regularly check email and other accounts for unusual activity or unauthorized access.
- Be vigilant for phishing attempts. Breached information can be used to craft convincing phishing emails and scam exposed users.