StubHub Hit in Cyber-Attack That May Have Stolen $10M in Tickets

Online ticket service StubHub was reportedly hit in a cyber-attack that compromised more than a thousand accounts.

Arrests are expected to be officially announced today. According to reports, the attack was the work of a cybercrime operation that spanned the globe and may have stolen some $10 million in tickets. After the tickets were purchased through the compromised accounts, they were distributed to a network of resellers.

Contacted by SecurityWeek, StubHub spokesperson Glenn Lehrman explained in a prepared statement that the company was alerted in 2013 that user accounts had been illegally accessed by cybercriminals. Since then, the company has been working with law enforcement agencies around the world, he said.

According to Lehrman, the attackers didn’t actually break StubHub security. Instead, it is believed they stole users’ login information in data breaches of other sites and used it to break into their StubHub accounts. It is also possible that certain customers’ computers were compromised with keyloggers or other credential-stealing malware that allowed the attackers to swipe their StubHub logins.  

“People often reuse the same credentials on different sites and once these are harvested they can be used to perform attacks elsewhere the person also has an account,” said Richard Westmoreland, lead security analyst at SilverSky. “Best practices suggest people should use unique passwords for every account – but in reality this is difficult to manage when it is common to have dozens of accounts.”

A recent report from Microsoft suggested that using a strong password for every site may be overwhelming for the average user. Instead, sites should be grouped according to their value. Strong passwords, the paper recommended, should be used for sites that have sensitive user information, while weaker passwords could be shared among the groups of sites with less sensitive data.

However, Troy Gill, senior security analyst at AppRiver, argued that this breach serves as a reminder that unique passwords should be used for each online account.

“A stolen password may reveal the formula to all of your other passwords, or worse, give hackers immediate access to those accounts that use the exact same password,” he said.

“AppRiver blocks an awful lot of email and Web-based malware that is designed to harvest users’ personal information and account credentials,” added Gill. “Users should be aware that it’s not just their financial information that is attractive to hackers, but so too is any information they can leverage to commit fraud and turn a profit.”

According to reports, the ringleader of the operation is Russian citizen Vadim Polyakov, 30, who authorities said has been detained in Spain and faces extradition to the United States. Other arrests and raids are expected to be announced today in the U.K., Canada and the United States.

“The global law enforcement community has sent a strong message to the individuals that commit these crimes,” said Robert Capps, senior director of customer success at RedSeal Networks and former head of global trust and safety for StubHub. “You are no longer safe to travel and operate outside of your home country, without significant risk of arrest and prosecution. Isolation is a powerful force in the effort to change behaviors. Confined within the borders of their home country, I suspect we’ll see a change in behavior of some of these criminals.”

Written By

Marketing professional with a background in journalism and a focus on IT security.
