What Happened
In late May 2024, Ticketek Entertainment Group (TEG), an Australia-based ticketing company, announced a data breach affecting Australian customer information stored on a cloud-based platform hosted by a third-party supplier, suspected to be Snowflake. In June 2024, a hacker using the alias “Sp1d3r” advertised the stolen data on a cybercrime forum, claiming to have compromised approximately 30 million users’ records, though Troy Hunt’s “Have I Been Pwned” platform later confirmed 17.6 million unique email addresses in the breach. The exposed data included names, dates of birth, email addresses, genders, usernames, and hashed passwords, but Ticketek confirmed that no customer accounts were compromised and payment information was not accessed. The breach was linked to a broader campaign targeting Snowflake customers, with attackers exploiting stolen credentials, some obtained years earlier through unrelated malware campaigns. Ticketek subsequently sought and obtained an injunction to prevent dissemination of the data and cooperated with Australian authorities including the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.
