Thieves got into 1,000 StubHub accounts

Jul 23, 2014 by Jennifer Peltz

(AP)—Cyber thieves got into more than 1,000 StubHub customers' accounts and fraudulently bought tickets for events through the online ticket reseller, a law enforcement official and the company said.

Arrests were expected in a case that sprawled across international borders, said the official, who wasn't authorized to discuss it ahead of arrests being announced and spoke on the condition of anonymity.

Manhattan District Attorney Cyrus R. Vance Jr. was expected to hold a news conference Wednesday with London and Royal Canadian Mounted Police officials. A spokeswoman for Vance's office declined to comment Tuesday night on the case, which comes amid growing concern about data thieves targeting retailers and other consumer giants.

StubHub, which is based in San Francisco, said that the thieves didn't break through its security—rather, they got account-holders' login and password information from data breaches at other websites and retailers or from key-loggers or other malware on the customers' computers, spokesman Glenn Lehrman said.

The company detected the unauthorized transactions last year, contacted authorities and gave the affected customers refunds and help changing their passwords, he said.

It's unclear whether the digital prowlers then exploited their access to scoop up more information from the compromised accounts. The company and the law enforcement official wouldn't give further details Tuesday.

StubHub, owned by eBay Inc., is the leading digital marketplace for reselling concert, sports, theater and other tickets, offering brokers and fans a way "to buy or sell their tickets in a safe, convenient and highly reliable environment," as its website pledges. The company, which serves as an official secondary ticket market for such entities as Major League Baseball, this spring unveiled plans to become an event producer itself, selling tickets to a handful of its own concerts.

In the last year, major companies such as Target, LinkedIn, eBay and Neiman Marcus have been hacked. Target, the nation's second-largest discounter, acknowledged in December that data connected to about 40 million credit and debit card accounts was stolen as part of a breach that began over the Thanksgiving weekend. Even Goodwill Industries Inc. found itself announcing last month that shoppers' payment card data might have been stolen.

Ticket-sellers also have been targeted. The event ticketing service Vendini last month settled a class action lawsuit related to a data breach in 2013.

Since many people use the same passwords at multiple retailers, hackers who get hold of a password for one site often try it at another, Lehrman said.

Authorities generally advise consumers to protect against possible identity theft from such breaches by keeping close watch on their bank statements and using credit card monitoring services, among other tips.

Explore further: Goodwill, feds investigate possible data breach

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Neiman Marcus is latest victim of security breach

Jan 12, 2014

Luxury merchant Neiman Marcus confirmed Saturday that thieves stole some of its customers' payment card information and made unauthorized charges over the holiday season, becoming the second retailer in recent ...

Recommended for you

Facebook dressed down over 'real names' policy

Sep 17, 2014

Facebook says it temporarily restored hundreds of deleted profiles of self-described drag queens and others, but declined to change a policy requiring account holders to use their real names rather than drag names such as ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

alfie_null
not rated yet Jul 23, 2014
As a means of authentication, particularly a sole means, passwords are so bad. Sometimes it seems like we could hardly do worse if we didn't use passwords at all. That way, at least users would be divested of an inaccurate belief of how secure their transactions are.