Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Six Indicted in StubHub Ticket Cyber-Fraud Case

Law enforcement authorities announced the indictment of six people in connection with a cybercrime operation that defrauded users of the StubHub ticketing service.

Law enforcement authorities announced the indictment of six people in connection with a cybercrime operation that defrauded users of the StubHub ticketing service.

According to Manhattan District Attorney Cyrus R. Vance Jr., the gang took over the accounts of StubHub users, stole personal information, used victims’ credit cards to make fraudulent electronic ticket purchases and then transferred the proceeds through a network of accomplices in the United States, United Kingdom, Russia and Canada. Though previous reports had projected the total value of the stolen tickets to be $10 million, authorities Wednesday put the number at $1 million in a statement.

Among other charges, the defendants were charged in New York State Supreme Court with counts of money laundering, grand larceny, criminal possession of stolen property and identity theft.

“Cybercriminals know no boundaries – they do not respect international borders or laws,” Vance said in a statement. “Today’s arrests and indictment connect a global network of hackers, identity thieves, and money-launderers who victimized countless individuals in New York and elsewhere. The coordinated actions of law enforcement officials in New York, New Jersey, the United Kingdom, and Canada demonstrate what can be achieved through international cooperation.”

According to authorities, StubHub discovered in March 2013 that more than 1,000 accounts were compromised by individuals using pre-existing credit card information associated with the accounts to fraudulently purchase tickets. StubHub reported the fraud and immediately implemented “security measures” to prevent the account takeovers. However, investigators learned the gang was able to circumvent the security protocols within the accounts by using new credit card information stolen from additional victims as opposed to the original victim’s pre-existing card information.  

After investigating the receipts and transaction records of more than 1,600 illegally accessed accounts, analysts in Manhattan’s DA office were able to trace the exchanges to Internet protocol addresses, PayPal accounts, bank accounts and other financial accounts used and controlled by the indicted individuals.

“The assault on StubHub showcases the creativity of the cybercriminal underground,” said Trend Micro vice president of technology and solutions JD Sherry. “They have taken ticket scalping to the next level in the form of ‘Cyber Scalping.’ Any event with a social aspect such as concerts or sports that conduct commerce with a large online community are primary targets for these sophisticated crime syndicates.” 

Advertisement. Scroll to continue reading.

The investigation culminated in charges against Vadim Polyakov, 30, and Nikolay Matveychuk, 21, who are accused of using information taken from StubHub accounts as well as stolen credit card numbers to purchase more than 3,500 tickets and sending them to a group of individuals in New York and New Jersey to be resold. Daniel Petryszyn, 28; Laurence Brinkmeyer, 29; and Bryan Caputo, 29; are charged with reselling the stolen tickets that they received from Polyakov and his associates.

Also charged was Sergei Kirin, 37, a Russian national who advertised his money laundering services online.

“StubHub would like to thank the New York District Attorney’s Office, the New York Police Department as well as the many participating law enforcement agencies around the world for their efforts in investigating organized criminal activity targeting the event ticketing industry and consumers at large,” StubHub Director of Trust and Safety Eric Boyles said in a statement. “We are pleased to see these cyber criminals brought to justice as part of StubHub’s continuing commitment to maintaining safe and open markets for fans to buy and sell tickets.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.