Add ticket broker StubHub to the list of online retailers who have been targeted by cyber thieves, who in this case acquired the login and password information for more than 1,000 StubHub customers and used that information to make ticket purchases.
Authorities in the United States, Canada and Great Britain have banded together to investigate the incident. The Associated Press has more:
Manhattan District Attorney Cyrus R. Vance Jr. was expected to hold a news conference Wednesday with London and Royal Canadian Mounted Police officials. A spokeswoman for Vance’s office declined to comment Tuesday night on the case, which comes amid growing concern about data thieves targeting retailers and other consumer giants.
StubHub, which is based in San Francisco, said that the thieves didn’t break through its security — rather, they got account-holders’ login and password information from data breaches at other websites and retailers or from key-loggers or other malware on the customers’ computers, spokesman Glenn Lehrman said. …
In the last year, major companies such as Target, LinkedIn, eBay and Neiman Marcus have been hacked. Target, the nation’s second-largest discounter, acknowledged in December that data connected to about 40 million credit and debit card accounts was stolen as part of a breach that began over the Thanksgiving weekend. Even Goodwill Industries Inc. found itself announcing last month that shoppers’ payment card data might have been stolen. …
Since many people use the same passwords at multiple retailers, hackers who get hold of a password for one site often try it at another, [StubHub spokesman Glenn] Lehrman said.
Lehrman said the company, an online ticket broker that is owned by eBay, discovered the ill-gotten transactions last year and offered refunds to the affective customers after alerting the authorities.