The ShinyHunters cybercrime gang has claimed another victim, this time in Australia. The group recently posted information on a Dark Web forum that it says concerns about 30 million users of Ticketek, the largest live event ticketing organization Down Under.
Ticketek Entertainment Group (TEG) had already disclosed the breach in late May. According to a statement on its website, the information was stolen via an unnamed third-party cloud provider, with hackers taking customer names, dates of birth, and email addresses. TEG stressed that no user accounts were compromised and that no payment information was exposed in the incident.
The circumstances are eerily similar to the Ticketmaster breach, which came to light at the beginning of June after ShinyHunters published information affecting 560 million customers on the underground marketplace BreachForums. That breach was also due to a compromised third-party cloud account, and researchers quickly identified the provider as Snowflake.
Researchers later determined that the Ticketmaster incident was part of a much broader online campaign against poorly secured Snowflake accounts, which hit up to 165 organizations, including Advance Auto Parts and (most likely) Santander Bank. Attackers targeted the low-hanging fruit: cloud accounts that lacked multi-factor authentication (MFA), which they accessed using credentials from previous breaches. Some passwords had not been changed for three years, according to a recent analysis by Mandiant.
Despite researcher speculation, TEG has not confirmed either Snowflake or ShinyHunters as the culprit in the cyber incident, although a 2022 case study (PDF) names the cloud provider as a technology partner for the ticketing giant. Neither company immediately responded to a request for comment from Dark Reading.