StubHub Hit in Cyber-Attack That May Have Stolen $10M in Tickets

Online ticket service StubHub was reportedly hit in a cyber-attack that compromised more than a thousand accounts.

Arrests are expected to be officially announced today. According to reports, the attack was the work of a cybercrime operation that spanned the globe and may have stolen some $10 million in tickets. After the tickets were purchased through the compromised accounts, they were distributed to a network of resellers.

Contacted by SecurityWeek, StubHub spokesperson Glenn Lehrman explained in a prepared statement that the company was alerted in 2013 that user accounts had been illegally accessed by cybercriminals. Since then, the company has been working with law enforcement agencies around the world, he said.

According to Lehrman, the attackers didn’t actually break StubHub security. Instead, it is believed they stole users’ login information in data breaches of other sites and used it to break into their StubHub accounts. It is also possible that certain customers’ computers were compromised with keyloggers or other credential-stealing malware that allowed the attackers to swipe their StubHub logins.  

“People often reuse the same credentials on different sites and once these are harvested they can be used to perform attacks elsewhere the person also has an account,” said Richard Westmoreland, lead security analyst at SilverSky. “Best practices suggest people should use unique passwords for every account – but in reality this is difficult to manage when it is common to have dozens of accounts.”

A recent report from Microsoft suggested that using a strong password for every site may be overwhelming for the average user. Instead, sites should be grouped according to their value. Strong passwords, the paper recommended, should be used for sites that have sensitive user information, while weaker passwords could be shared among the groups of sites with less sensitive data.

However, Troy Gill, senior security analyst at AppRiver, argued that this breach serves as a reminder that unique passwords should be used for each online account.

“A stolen password may reveal the formula to all of your other passwords, or worse, give hackers immediate access to those accounts that use the exact same password,” he said.

“AppRiver blocks an awful lot of email and Web-based malware that is designed to harvest users’ personal information and account credentials,” added Gill. “Users should be aware that it’s not just their financial information that is attractive to hackers, but so too is any information they can leverage to commit fraud and turn a profit.”

According to reports, the ringleader of the operation is Russian citizen Vadim Polyakov, 30, who authorities said has been detained in Spain and faces extradition to the United States. Other arrests and raids are expected to be announced today in the U.K., Canada and the United States.

“The global law enforcement community has sent a strong message to the individuals that commit these crimes,” said Robert Capps, senior director of customer success at RedSeal Networks and former head of global trust and safety for StubHub. “You are no longer safe to travel and operate outside of your home country, without significant risk of arrest and prosecution. Isolation is a powerful force in the effort to change behaviors. Confined within the borders of their home country, I suspect we’ll see a change in behavior of some of these criminals.”
