In May 2024, Australian live entertainment giant Ticketek—operated by TEG (teg.com.au)—confirmed a significant data breach affecting millions of users. While the breach initially appeared contained, we’re now seeing the compromised data surfacing on dark web forums, months later.
If you’ve ever bought tickets through Ticketek or created an account, your personal information may now be publicly exposed and for sale.
Here’s what you need to know: and what you can do to stay protected.
What Happened?
Ticketek reported that a third-party cloud platform used to store customer account data had been breached. According to Ticketek, no financial details (like credit card numbers) were compromised, and passwords were encrypted. However, a range of personally identifiable information (PII) was exposed.
Exposed Information Includes:
- Full names
- Email addresses
- Dates of birth
- Gender (if provided)
- Usernames
- Hashed (encrypted) passwords
Now Surfacing on the Dark Web
As of August 2025, this data is actively being traded and sold on underground forums. A known hacker alias, “Sp1d3r,” is offering a data set of up to 30 million user records for sale. Sample data reviewed by security experts has been deemed credible, with many matching real Ticketek accounts.
This means the risk is no longer theoretical—your data may now be in the hands of cybercriminals.
Why It Matters
Even if your credit card wasn’t stolen, your personal data is still highly valuable. With a few key details—like your email and birthdate—bad actors can:
- Sell your details for use in broader scams
- Launch targeted phishing attacks
- Attempt to crack your password and access your other accounts
- Engage in identity fraud or impersonation
What Should You Do?
Here’s a practical checklist to help protect yourself now:
1. Check if You Were Affected
Search your email at HaveIBeenPwned.com to see if you’re part of the Ticketek breach.
2. Change Your Passwords
If you used the same password for Ticketek and any other service, change it immediately. Use unique passwords for each platform.
3. Enable Multi-Factor Authentication (MFA)
Add MFA to your accounts—especially email, banking, and social media. This drastically reduces the chance of account takeovers.
4. Be Wary of Phishing Attempts
Watch for emails or messages pretending to be from Ticketek or related services. Don’t click on suspicious links, and always verify the sender.
5. Keep an Eye on Your Accounts
Monitor bank statements and logins for anything out of the ordinary. If you see suspicious activity, act quickly—change passwords and notify relevant providers.
Future-Proof Your Digital Life
While you can’t prevent every breach, you can minimise your exposure with a few simple habits:
- Use a password manager to generate and store strong, unique passwords
- Avoid reusing passwords across platforms
- Think twice before sharing personal details online
- Regularly review your online accounts and shut down old ones
- Enable alerts for unusual account activity wherever possible
Final Thoughts
The Ticketek breach is a wake-up call. The data may have been stolen months ago, but it’s only now hitting the dark web, giving criminals a fresh opportunity to exploit it.
If you suspect you may be affected or just want to improve your online security, feel free to contact the team at GeekStuff. We’re here to help everyday users navigate the tech world safely and confidently.