{"id":4157,"date":"2024-06-24T11:34:50","date_gmt":"2024-06-24T16:34:50","guid":{"rendered":"https:\/\/www.darkreading.com\/cloud-security\/30m-affected-tickettek-australia-cloud-breach"},"modified":"2024-06-24T11:34:50","modified_gmt":"2024-06-24T16:34:50","slug":"30m-potentially-affected-in-tickettek-australia-cloud-breach","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/06\/24\/30m-potentially-affected-in-tickettek-australia-cloud-breach\/","title":{"rendered":"30M Potentially Affected in Tickettek Australia Cloud Breach"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt507871eaff2c87d4\/6679a355bd8b111889261783\/sydney-Jon_Arnold_Images_Ltd-Alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/30m-potentially-affected-in-tickettek-australia-cloud-breach.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/30m-potentially-affected-in-tickettek-australia-cloud-breach.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The ShinyHunters cybercrime gang has claimed another victim, this time in Australia. The group recently posted information on a Dark Web forum that it says is for about 30 million users of Ticketek, Down Under&#8217;s top live events ticketing organization.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Ticketek Entertainment Group (TEG) had already <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.teg.com.au\/statement-regarding-ticketek-cyber-incident\/\" rel=\"noopener\">disclosed the breach<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> in late May. According to a statement on its website, it noted that information had been heisted via an unnamed third-party cloud provider, with hackers making off with customer names, dates of birth, and email addresses. No user accounts were compromised, and payment information wasn&#8217;t caught up in the incident, TEG stressed.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The circumstances are eerily similar to the <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/ticketmaster-confirms-cloud-breach-murky-details\" rel=\"noopener\">Ticketmaster breach<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, which came to light at the beginning of June after ShinyHunters posted information impacting 560 million customers on the BreachForums underground market. That breach was also due to the compromise of a third-party cloud account, which was quickly revealed by researchers to be Snowflake.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Researchers subsequently determined that the Ticketmaster incident was part of a much broader <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cloud-security\/snowflake-cloud-accounts-rampant-credential-issues\" rel=\"noopener\">cyber campaign against poorly secured Snowflake accounts<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> that hit as many as 165 organizations, including Advanced Auto Parts and (most likely) Santander Bank. The attackers targeted low-hanging fruit: cloud accounts that lacked multifactor authentication (MFA), using credentials from previous breaches. Some of the passwords hadn&#8217;t been rotated for three years, according to a recent analysis from Mandiant.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Despite <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/x.com\/BrettCallow\/status\/1803812470731014334\" rel=\"noopener\">researcher speculation<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, TEG has not confirmed a Snowflake connection nor ShinyHunters as the culprit for the cyberincident, though a 2022 case study (PDF) names the cloud provider as a technology partner for the ticketing giant. Neither company immediately returned a request for comment from Dark Reading.<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/cloud-security\/30m-affected-tickettek-australia-cloud-breach\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The ShinyHunters cybercrime gang has claimed another victim, this time<\/p>\n","protected":false},"author":12,"featured_media":4158,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-4157","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/30m-potentially-affected-in-tickettek-australia-cloud-breach-scaled.jpg?fit=2560%2C1440&ssl=1",2560,1440,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/30m-potentially-affected-in-tickettek-australia-cloud-breach-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/30m-potentially-affected-in-tickettek-australia-cloud-breach-scaled.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/30m-potentially-affected-in-tickettek-australia-cloud-breach-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/30m-potentially-affected-in-tickettek-australia-cloud-breach-scaled.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/30m-potentially-affected-in-tickettek-australia-cloud-breach-scaled.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/30m-potentially-affected-in-tickettek-australia-cloud-breach-scaled.jpg?fit=2048%2C1152&ssl=1",2048,1152,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/30m-potentially-affected-in-tickettek-australia-cloud-breach-scaled.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/30m-potentially-affected-in-tickettek-australia-cloud-breach-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/30m-potentially-affected-in-tickettek-australia-cloud-breach-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/06\/30m-potentially-affected-in-tickettek-australia-cloud-breach-scaled.jpg?fit=2560%2C1440&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=4157"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4157\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/4158"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=4157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=4157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=4157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}