Stubhub is the latest retailer to be targeted for a cyber breach by hackers. Cyber thieves got into more than 1,600 StubHub customers’ accounts and fraudulently bought tickets for events, a law enforcement official and the company said Tuesday.
StubHub, which is based in San Francisco, said that the thieves didn’t break through its security — rather, they got account-holders’ login and password information from data breaches at other websites and retailers or from key-loggers or other malware on the customers’ computers, spokesman Glenn Lehrman said.
Stubhub spokesman Glenn Lehrman said that the company had worked with law enforcement officers across the world after being alerted to the problem. The company detected the breaches last year and gave refunds.
“To be clear, there have been no intrusions into Stubhub system,” he said. “The arrests today relate to fraudulent transactions that were detected on existing Stubhub customer accounts in 2013. These legitimate customer accounts were accessed by cybercriminals who had obtained the customers’ login and password either through data breaches of other websites and retailers, or through the use of key-loggers and/or other malware on the customer’s own PC.”
“Once fraudulent transactions were detected on a given account, customers were immediately contacted by Stubhub’s trust and safety team, who refunded any unauthorized transactions, and assisted the customer with changing their password to secure their account from further activity,” Lehrman said.
“We are pleased to see these cybercriminals brought to justice,” Lehrman said in a statement.
He did not disclose how much money was involved.
Manhattan District Attorney Cyrus Vance Jr. is scheduled to hold a press conference Wednesday with the Royal Canadian Mounted Police to announce arrests and criminal charges in an international hacking case spanning from Russia to New York, according to a statement. City of London, Ontario, police will also announce arrests, it said.