StubHub Hit in Cyber-Attack That May Have Stolen $10M in Tickets

Online ticket service StubHub was reportedly hit in a cyber-attack that compromised more than a thousand accounts.

Arrests are expected to be officially announced today. According to reports, the attack was the work of a cybercrime operation that spanned the globe and may have stolen some $10 million in tickets. After the tickets were purchased through the compromised accounts, they were distributed to a network of resellers.

Contacted by SecurityWeek, StubHub spokesperson Glenn Lehrman explained in a prepared statement that the company was alerted in 2013 that user accounts had been illegally accessed by cybercriminals. Since then, the company has been working with law enforcement agencies around the world, he said.

According to Lehrman, the attackers didn’t actually break StubHub security. Instead, it is believed they stole users’ login information in data breaches of other sites and used it to break into their StubHub accounts. It is also possible that certain customers’ computers were compromised with keyloggers or other credential-stealing malware that allowed the attackers to swipe their StubHub logins.  

“People often reuse the same credentials on different sites and once these are harvested they can be used to perform attacks elsewhere the person also has an account,” said Richard Westmoreland, lead security analyst at SilverSky. “Best practices suggest people should use unique passwords for every account – but in reality this is difficult to manage when it is common to have dozens of accounts.”

A recent report from Microsoft suggested that using a strong password for every site may be overwhelming for the average user. Instead, sites should be grouped according to their value. Strong passwords, the paper recommended, should be used for sites that have sensitive user information, while weaker passwords could be shared among the groups of sites with less sensitive data.

However, Troy Gill, senior security analyst at AppRiver, argued that this breach serves as a reminder that unique passwords should be used for each online account.

“A stolen password may reveal the formula to all of your other passwords, or worse, give hackers immediate access to those accounts that use the exact same password,” he said.

“AppRiver blocks an awful lot of email and Web-based malware that is designed to harvest users’ personal information and account credentials,” added Gill. “Users should be aware that it’s not just their financial information that is attractive to hackers, but so too is any information they can leverage to commit fraud and turn a profit.”

According to reports, the ringleader of the operation is Russian citizen Vadim Polyakov, 30, who authorities said has been detained in Spain and faces extradition to the United States. Other arrests and raids are expected to be announced today in the U.K., Canada and the United States.

“The global law enforcement community has sent a strong message to the individuals that commit these crimes,” said Robert Capps, senior director of customer success at RedSeal Networks and former head of global trust and safety for StubHub. “You are no longer safe to travel and operate outside of your home country, without significant risk of arrest and prosecution. Isolation is a powerful force in the effort to change behaviors. Confined within the borders of their home country, I suspect we’ll see a change in behavior of some of these criminals.”
