Crooks used logins stolen from earlier breaches at other companies.
Cybercriminals commandeered more than 1,000 user accounts on the ticket resale website and bought tickets to marquee events, using logins stolen from earlier breaches at other companies, and other tactics, BBC reports.
The crooks, members of an international syndicate, then scalped the vouchers and divvied up the proceeds, according to U.S. authorities.
Fraudulent transactions were detected on StubHub customer accounts last year. StubHub is owned by eBay.
"Once fraudulent transactions were detected on a given account, customers were immediately contacted by StubHub's trust and safety team, who refunded any unauthorized transactions,” company spokesman Glenn Lehrman said.
While the hack did not affect eBay servers, it defrauded the company of about $1 million.
Read the rest at ThreatWatch, Nextgov’s regularly updated index of cyber breaches.
And find out even more on “NG Cybersecurity,” our new iPhone app.