A hacker asserts possession of 30 million customer records from TEG, a major Australian ticket seller

A hacker is advertising customer data allegedly stolen from the Australia-based live events and ticketing company TEG on a well-known hacking forum.

On Thursday, a hacker put up for sale the alleged stolen data from TEG, claiming to have information on 30 million users, including full names, gender, dates of birth, usernames, hashed passwords, and email addresses.

In late May, TEG-owned ticketing company Ticketek disclosed a data breach affecting Australian customers’ data, which is stored on a cloud-based platform hosted by a reputable, global third-party supplier.

The company stated that no Ticketek customer account had been compromised, thanks to the encryption methods used to store passwords. However, TEG acknowledged that customer names, dates of birth, and email addresses might have been impacted — data that aligns with what is being advertised on the hacking forum.

The hacker included a sample of the alleged stolen data in their post. Verification attempts showed that at least some of the data published on the forum appears legitimate. For instance, attempts to sign up for new accounts using the published email addresses resulted in errors on Ticketek’s website, indicating the email addresses are already in use.