Australia's Ticketek is reportedly the latest firm to suffer a cybersecurity breach. Ticketek has warned users that their personal information may have been stolen from a third-party global cloud-based platform.
According to the Guardian, Clare O'Neil, the minister of cybersecurity, said late Friday night that "many Australians" were affected by the breach that appeared to be limited to the disclosure of email addresses, names, and dates of birth.
While the ticketing company assured customers their credit card details and passwords were safe, O'Neil warned that they should still be vigilant about scammers. In a statement, Ticketek said it had already started informing affected customers and would provide more updates as more details become available.
On Friday night, customers received emails from Ticketek regarding the "cyber incident" that affected account holder information kept in a cloud-based platform maintained by a "reputable, global third-party supplier."
The email did not identify the third-party supplier. However, it said that since Ticketek learned about the problem a few days ago, the company has carefully used its resources to finish the investigation and get back to users as soon as possible.
"We utilise secure encryption methods to handle credit card information and transactions are processed via a separate payment system, which has not been impacted. Ticketek does not hold identity documents for its customers... We sincerely apologise to all those who may have been affected by this incident," the email said.
Ticketek did not disclose the number of Australian clients impacted and if the cloud-based platform it had referred to was Snowflake. The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) released a notice on Saturday, saying it was aware of successful compromises of several companies that utilized Snowflake's service.
Ticketek and Snowflake
Ticketek's data breach occurred only a few days after hackers were reported to have targeted the cloud storage platform Snowflake to steal data from its hundreds of customers.
The Boston-based company, known for providing cloud-based data storage and analytics services to numerous major brands, recently confirmed that it is investigating increased cyber threat activity targeting some of its customers' accounts.
This statement follows a claim by cybersecurity vendor Hudson Rock, which reported that Snowflake experienced a "massive breach" affecting up to 400 companies.
Snowflake Cybersecurity Breach
Hudson Rock discovered the incident after communicating with a hacker who allegedly accessed the data of Ticketmaster and Santander Bank. According to the cybersecurity vendor, the hacker noted that all these breaches originated from the compromise of a single vendor, Snowflake.
The hacker asserted that they breached Snowflake by acquiring login credentials from an employee's ServiceNow account, which seemed to be integrated into Snowflake's internal IT infrastructure.
This access allowed them to bypass security measures from Snowflake's single sign-on provider, Okta. After gaining entry, the hacker claimed to have generated session tokens, enabling them to extract substantial amounts of data from the company.
Hudson Rock disclosed that the hacker then attempted to extort $20 million from Snowflake but received no response from the company.