Ticket resale site Stubhub, a parent company of eBay, has suffered a cyber-theft affecting 1,000 users with the fraudsters making purchases with the affected accounts. Authorities have made a number of arrests but have not provided any more details beyond that. [Updated below]
The incident isn’t anything particularly new though with Stubhub’s head of global communications Glenn Lehrmann explaining that the company has been working with authorities for over a year to track down what has been described as a network of fraudsters.
Lehrmann did not expand on the details of the problem, especially the financial information, but we understand that up to 1,000 users were affected. He was keen to add that the site was not actually breached but was accessed through other accounts that were then used to login to Stubhub. “We did not have anyone who hacked into our system,” he said.
The scheme has been described as a “pretty intense network of cyber fraudsters working in concert with each other.”
The attorneys for Stubhub are expected to announce the arrests and charges, later today. We’ll have updates as they become available.
Seven people have been arrested with defrauding Stubhub of $1.6 million. Arrests were made in New York and London.
Attorney Glenn Lehrmann said that the fraud had first been detected in 2013.
“These legitimate customer accounts were accessed by cybercriminals who had obtained the customers’ login and password either through data breaches of other websites and retailers, or through the use of key-loggers and/or other malware on the customer’s own PC.
“Once fraudulent transactions were detected on a given account, customers were immediately contacted by Stubhub’s trust and safety team, who refunded any unauthorised transactions.”