recommended reading

Threatwatch

Concertgoers ripped off by StubHub hackers

Credential-stealing malware; Stolen credentials; User accounts compromised

Cybercriminals commandeered more than 1,000 user accounts on the online ticket resale service and bought tickets to marquee events, like Jay-Z and Elton John concerts and a New York Yankees-Boston Red Sox game.

The crooks, members of an international syndicate, then scalped the tickets and divvied up the proceeds, according to U.S. authorities.

The BBC reports they broke into the accounts by obtaining legitimate customers’ logins during earlier data breaches at other companies, or by installing malicious software on the customers’ own PCs that logged their keystrokes or performed other theft.

Fraudulent transactions were detected on Stubhub customer accounts last year. Stubhub is owned by eBay.

"Once fraudulent transactions were detected on a given account, customers were immediately contacted by Stubhub's trust and safety team, who refunded any unauthorised transactions,” company spokesman Glenn Lehrman said.

While the hack did not affect eBay servers, it defrauded the company of about $1 million. U.S. authorities have charged six men in connection with the racket.

Three of the men are from Russia, while the others are Americans.

The suspects funneled the proceeds from illegal ticket sales to PayPal accounts they controlled, as well as to multiple bank accounts in the UK and Germany.

The City of London police force said it has arrested a 27-year-old, a 39-year-old and a 46-year-old in connection with the crimes. The Canadian police said they have arrested an additional suspect in Toronto.

sector

Entertainment

reported

July 23, 2014

reported by

Associated Press

number affected

more than 1,600 accounts

location of breach

Unknown

perpetrators

Criminals

location of perpetrators

Unknown

date breach occurred

Unknown

date breach detected

2013