Concertgoers ripped off by StubHub hackers
Credential-stealing malware; Stolen credentials; User accounts compromised
Cybercriminals commandeered more than 1,000 user accounts on the online ticket resale service and bought tickets to marquee events, like Jay-Z and Elton John concerts and a New York Yankees-Boston Red Sox game.
The crooks, members of an international syndicate, then scalped the tickets and divvied up the proceeds, according to U.S. authorities.
The BBC reports they broke into the accounts by obtaining legitimate customers’ logins during earlier data breaches at other companies, or by installing malicious software on the customers’ own PCs that logged their keystrokes or performed other theft.
Fraudulent transactions were detected on Stubhub customer accounts last year. Stubhub is owned by eBay.
"Once fraudulent transactions were detected on a given account, customers were immediately contacted by Stubhub's trust and safety team, who refunded any unauthorised transactions,” company spokesman Glenn Lehrman said.
While the hack did not affect eBay servers, it defrauded the company of about $1 million. U.S. authorities have charged six men in connection with the racket.
Three of the men are from Russia, while the others are Americans.
The suspects funneled the proceeds from illegal ticket sales to PayPal accounts they controlled, as well as to multiple bank accounts in the UK and Germany.
The City of London police force said it has arrested a 27-year-old, a 39-year-old and a 46-year-old in connection with the crimes. The Canadian police said they have arrested an additional suspect in Toronto.
July 23, 2014
Link to report
more than 1,600 accounts
location of breach
location of perpetrators
date breach occurred
date breach detected