An undisclosed number of Australians have had their private information impacted in a cyber incident at leading ticketing company Ticketek, just days after fellow site Ticketmaster suffered the same fate.

While the company stressed its passwords are securely encrypted and Ticketek customer accounts have not been directly compromised, it admitted on Friday the evidence from its investigation indicates customer names, dates of birth and email addresses may have been impacted.

Ticketek further emphasised the company does not hold identity documents for its customers, and its online payments are processed by a separate system which has not been impacted.

“On a precautionary basis, we recommend that our customers remain vigilant for potential phishing emails and other scam communications, including from organisations purporting to be from Ticketek,” wrote Ticketek.

“We thank our customers for their understanding and support as we work through this.”

Ticketek has not publicly disclosed how many account holders are impacted; however, the company says it sells over 23 million tickets each year and draws over 1.9 million unique users to its website per month.

Cyber security minister Clare O’Neil said the information available so far indicates this is a breach “potentially affecting many Australians”.

“Where companies hold a significant amount of data, Australians expect that they look after it,” O’Neil wrote on LinkedIn.

“The number of recent breaches has demonstrated the importance of companies quickly alerting affected customers, and offering them support.

“I'd ask Australians to be especially vigilant and on the lookout for scams during a time like this.”

The email Ticketek sent to customers. Photo: Supplied.

Ticketek and Ticketmaster point to third party

In a statement, Ticketek revealed the impacted data is stored on the cloud-based platform of a “reputable, global third party supplier”, though the company did not confirm which supplier this may have been.

Last week, ticketing and events giant Ticketmaster confirmed it too was the victim of a security incident after hacking group ShinyHunters claimed to have stolen 1.3 terabytes of data across 560 million global customers – including names, addresses, credit card details and phone numbers.

While Ticketmaster was slow to release a public statement, over the weekend its parent company Live Nation Entertainment revealed it had identified “unauthorised activity within a third-party cloud database environment”.

Around the same time, cyber security firm Hudson Rock released a now-deleted report which suggested the Ticketmaster breach – as well as a recent breach at US bank Santander Bank – was related to a hack at cloud storage firm Snowflake.

Snowflake – which services nearly 10,000 customers including such notable companies as Adobe, Doordash, HP and Mastercard – went on to deny blame for these recent attacks, stating it has not “identified evidence” suggesting the activity was caused by a “vulnerability, misconfiguration, or breach of Snowflake’s platform”.

Rather, Snowflake said recent threats against its users appear to be part of a campaign directed at those with single-factor authentication, or in other words, those who don’t have multi-factor authentication enabled on their account.

The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre has further announced it is aware of “successful compromises of several companies” utilising Snowflake environments, and is tracking increased cyber threat activity relating to Snowflake customers.

Notably, another recent victim of ShinyHunters is restaurant chain Pizza Hut Australia – which Information Age understands is also a client of Snowflake.

Ticketek did not confirm to Information Age whether Snowflake is the third party related to its unfolding data breach.

Adrian Kitto, co-founder and chief technology officer of ‘software-as-a-service’ security platform Detexian, told Information Age the Ticketmaster breach was likely attributable to a lack of multi-factor authentication.

“It is very early in this breach lifecycle and misinformation is easily spread currently,” said Kitto.

“We have seen the Hudson Rock report being published and pulled down already that laid the blame on Snowflake.

“The fact it has been retracted so quickly suggests that they were shown evidence to the contrary.

“The working theory, in at least the Ticketmaster hack, is that a Ticketmaster developer’s credential was compromised and it was not configured to use multi-factor authentication.”

Kitto further attested to the importance of third-party cloud security, harkening back to a 2023 breach at corporate authentication company Okta which impacted such clients as 1Password, BeyondTrust and Cloudflare.

“Both APRA and ASD have been pushing Australian companies to uplift their third party or supplier risk management practices for a number of years,” said Kitto.

“This breach and a number of others are repeatedly showing that your security is only as strong as your weakest link and the weakest link is often outside of your direct control.”

Following its incident, Ticketek has urged customers to remain “vigilant” against the risk of phishing emails and scams, and to enable multi-factor authentication for online accounts where possible.