NEW YORK (AP) — Some of the hottest tickets in town — to Broadway hits, Jay-Z and Justin Timberlake concerts, a New York Yankees-Boston Red Sox game — were snapped up by an international ring of cyber thieves who commandeered more than 1,000 StubHub users' accounts to make big money by fraudulently buying tickets and reselling them, prosecutors said Wednesday.
Ten people around the world have been indicted or arrested in connection with the case, which involved more than 3,500 tickets and at least $1.6 million in unauthorized purchases of sought-after seats, some to sold-out shows or behind the Yankee Stadium dugout, Manhattan District Attorney Cyrus R. Vance Jr. said.
"Today's arrests and indictment connect a global network of hackers, identity thieves and money-launderers" who targeted the leading digital marketplace for reselling event tickets, Vance said. The scheme spooled from Russia to London to Toronto to the New York area and even to Barcelona, Spain, where accused Russian ringleader Vadim Polyakov was arrested while vacationing earlier this month.
The case comes amid growing concern about data thieves targeting consumer giants, and it pointed up pitfalls customers may face in using one password in multiple parts of their online lives.
StubHub said it was alerted to "a small number of accounts that had been illegally taken over by fraudsters" last year, contacted authorities and gave the affected customers refunds.
While prosecutors said they weren't certain how the alleged thieves got access, San Francisco-based StubHub said they got account-holders' login and password information from key-loggers or other malware on the customers' computers or from data breaches at other businesses. San Francisco-based StubHub, owned by eBay Inc., said there had been "no intrusions into StubHub technical or financial systems."
In the last few years, such major companies as Target, LinkedIn, eBay and Neiman Marcus have been hacked. Since many customers use the same email and password on multiple websites, thieves can net a combination from one site that works in many others, data security experts say.
It's like re-using "the same key for every lock in your life — especially if you're giving that key out to everyone you meet," says Joe Siegrist, the CEO of LastPass, which makes password-management software.
Continue reading this story on the...