Thieves got into 1,000 StubHub accounts

Jul 23, 2014 by Jennifer Peltz

(AP)—Cyber thieves got into more than 1,000 StubHub customers' accounts and fraudulently bought tickets for events through the online ticket reseller, a law enforcement official and the company said.

Arrests were expected in a case that sprawled across international borders, said the official, who wasn't authorized to discuss it ahead of arrests being announced and spoke on the condition of anonymity.

Manhattan District Attorney Cyrus R. Vance Jr. was expected to hold a news conference Wednesday with London and Royal Canadian Mounted Police officials. A spokeswoman for Vance's office declined to comment Tuesday night on the case, which comes amid growing concern about data thieves targeting retailers and other consumer giants.

StubHub, which is based in San Francisco, said that the thieves didn't break through its security—rather, they got account-holders' login and password information from data breaches at other websites and retailers or from key-loggers or other malware on the customers' computers, spokesman Glenn Lehrman said.

The company detected the unauthorized transactions last year, contacted authorities and gave the affected customers refunds and help changing their passwords, he said.

It's unclear whether the digital prowlers then exploited their access to scoop up more information from the compromised accounts. The company and the law enforcement official wouldn't give further details Tuesday.

StubHub, owned by eBay Inc., is the leading digital marketplace for reselling concert, sports, theater and other tickets, offering brokers and fans a way "to buy or sell their tickets in a safe, convenient and highly reliable environment," as its website pledges. The company, which serves as an official secondary ticket market for such entities as Major League Baseball, this spring unveiled plans to become an event producer itself, selling tickets to a handful of its own concerts.

In the last year, major companies such as Target, LinkedIn, eBay and Neiman Marcus have been hacked. Target, the nation's second-largest discounter, acknowledged in December that data connected to about 40 million credit and debit card accounts was stolen as part of a breach that began over the Thanksgiving weekend. Even Goodwill Industries Inc. found itself announcing last month that shoppers' payment card data might have been stolen.

Ticket-sellers also have been targeted. The event ticketing service Vendini last month settled a class action lawsuit related to a data breach in 2013.

Since many people use the same passwords at multiple retailers, hackers who get hold of a password for one site often try it at another, Lehrman said.

Authorities generally advise consumers to protect against possible identity theft from such breaches by keeping close watch on their bank statements and using credit card monitoring services, among other tips.

Explore further: Goodwill, feds investigate possible data breach

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Neiman Marcus is latest victim of security breach

Jan 12, 2014

Luxury merchant Neiman Marcus confirmed Saturday that thieves stole some of its customers' payment card information and made unauthorized charges over the holiday season, becoming the second retailer in recent ...

Recommended for you

Digital dilemma: How will US respond to Sony hack?

Dec 18, 2014

The detective work blaming North Korea for the Sony hacker break-in appears so far to be largely circumstantial, The Associated Press has learned. The dramatic conclusion of a Korean role is based on subtle ...

UN General Assembly OKs digital privacy resolution

Dec 18, 2014

The U.N. General Assembly has approved a resolution demanding better digital privacy protections for people around the world, another response to Edward Snowden's revelations about U.S. government spying.

Online privacy to remain thorny issue: survey

Dec 18, 2014

Online privacy will remain a thorny issue over the next decade, without a widely accepted system that balances user rights and personal data collection, a survey of experts showed Thursday.

Spain: Google News vanishes amid 'Google Tax' spat

Dec 16, 2014

Google on Tuesday followed through with a pledge to shut down Google News in Spain in reaction to a Spanish law requiring news publishers to receive payment for content even if they are willing to give it away.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

alfie_null
not rated yet Jul 23, 2014
As a means of authentication, particularly a sole means, passwords are so bad. Sometimes it seems like we could hardly do worse if we didn't use passwords at all. That way, at least users would be divested of an inaccurate belief of how secure their transactions are.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.