Thieves got into 1,000 StubHub accounts

Jul 23, 2014 by Jennifer Peltz

(AP)—Cyber thieves got into more than 1,000 StubHub customers' accounts and fraudulently bought tickets for events through the online ticket reseller, a law enforcement official and the company said.

Arrests were expected in a case that sprawled across international borders, said the official, who wasn't authorized to discuss it ahead of arrests being announced and spoke on the condition of anonymity.

Manhattan District Attorney Cyrus R. Vance Jr. was expected to hold a news conference Wednesday with London and Royal Canadian Mounted Police officials. A spokeswoman for Vance's office declined to comment Tuesday night on the case, which comes amid growing concern about data thieves targeting retailers and other consumer giants.

StubHub, which is based in San Francisco, said that the thieves didn't break through its security—rather, they got account-holders' login and password information from data breaches at other websites and retailers or from key-loggers or other malware on the customers' computers, spokesman Glenn Lehrman said.

The company detected the unauthorized transactions last year, contacted authorities and gave the affected customers refunds and help changing their passwords, he said.

It's unclear whether the digital prowlers then exploited their access to scoop up more information from the compromised accounts. The company and the law enforcement official wouldn't give further details Tuesday.

StubHub, owned by eBay Inc., is the leading digital marketplace for reselling concert, sports, theater and other tickets, offering brokers and fans a way "to buy or sell their tickets in a safe, convenient and highly reliable environment," as its website pledges. The company, which serves as an official secondary ticket market for such entities as Major League Baseball, this spring unveiled plans to become an event producer itself, selling tickets to a handful of its own concerts.

In the last year, major companies such as Target, LinkedIn, eBay and Neiman Marcus have been hacked. Target, the nation's second-largest discounter, acknowledged in December that data connected to about 40 million credit and debit card accounts was stolen as part of a breach that began over the Thanksgiving weekend. Even Goodwill Industries Inc. found itself announcing last month that shoppers' payment card data might have been stolen.

Ticket-sellers also have been targeted. The event ticketing service Vendini last month settled a class action lawsuit related to a data breach in 2013.

Since many people use the same passwords at multiple retailers, hackers who get hold of a password for one site often try it at another, Lehrman said.

Authorities generally advise consumers to protect against possible identity theft from such breaches by keeping close watch on their bank statements and using credit card monitoring services, among other tips.

Explore further: Goodwill, feds investigate possible data breach

Related Stories

Neiman Marcus is latest victim of security breach

Jan 12, 2014

Luxury merchant Neiman Marcus confirmed Saturday that thieves stole some of its customers' payment card information and made unauthorized charges over the holiday season, becoming the second retailer in recent ...

Recommended for you

New approach to online compatibility

8 hours ago

Many of the online social networks match users with each other based on common keywords and assumed shared interests based on their activity. A new approach that could help users find new friends and contacts with a greater ...

Most internet anonymity software leaks users' details

22 hours ago

Virtual Private Networks (VPNs) are legal and increasingly popular for individuals wanting to circumvent censorship, avoid mass surveillance or access geographically limited services like Netflix and BBC ...

WikiLeaks says NSA spied on French business

Jun 29, 2015

WikiLeaks has released documents that it says show that the U.S. National Security Agency eavesdropped on France's top finance officials and high-stakes French export bids over a decade in what the group called targeted economic ...

Google gets extended deadline to answer EU case

Jun 29, 2015

Brussels has given Google an extension until mid-August to answer an anti-trust case alleging that the tech giant abuses its search engine's market dominance, a company spokesman said Monday.

Facebook opens first Africa office

Jun 29, 2015

Facebook announced Monday it had opened its first African office in Johannesburg as part of its efforts "to help people and businesses connect" on the continent.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

alfie_null
not rated yet Jul 23, 2014
As a means of authentication, particularly a sole means, passwords are so bad. Sometimes it seems like we could hardly do worse if we didn't use passwords at all. That way, at least users would be divested of an inaccurate belief of how secure their transactions are.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.