StubHub cybercrime attack leads to 10 arrests

Six people were indicted in New York Tuesday for involvement in a global cybercrime ring that took over more than 1,600 accounts of eBay's StubHub online ticket reselling service, according to a statement released by the office of Manhattan District Attorney Cyrus R. Vance.

One person has been arrested in Toronto and three in London in addition to the six in New York.

StubHub was defrauded of at least $1 million US, the statement said, after the thievesfraudulently bought tickets for events through the online ticket reseller.

• Cybercrime costs $445B US a year to global economy, report finds
• Cybercrime moving to smartphones and tablets, say experts

London and RCMP officials charged with investigating organized crime were at a news conference with Vance this morning to release details of the case involvinga global network of accomplices in the U.S., U.K., Russiaand Canada.

The defendants are charged in New York State Supreme Court with money laundering, grand larceny, criminal possession of stolen propertyand identity theft.

The cybercriminals hacked accounts in the U.S., bought tickets and sold them, then laundered the money through accounts in Toronto and London, the investigators said.

There is growing concern about data thieves targeting retailers and other consumer giants.

StubHub said that the thieves got account-holders' login and password information from data breaches at other websites and retailers or from key-loggers or other malware on the customers' computers, spokesman Glenn Lehrman said.

The company detected the unauthorized transactions last year, contacted authorities and gave the affected customers refunds and help changing their passwords, he said.

It's unclear whether the digital prowlers then exploited their access to scoop up more information from the compromised accounts.

StubHub, owned by eBay Inc., is the leading digital marketplace for reselling concert, sports, theatreand other tickets, offering brokers and fans a way "to buy or sell their tickets in a safe, convenient and highly reliable environment," as its website pledges.

The crime ring was able to snag tickets toElton John, Marc Anthony, Justin Timberlake and Jay-Z concerts, Broadway tickets to hit showThe Book of Mormon and sporting events such as Yankees and Rangers games.

Ticket-sellers also a target

In the last year, major companies such as Target, LinkedIn, eBay and Neiman Marcus have been hacked. Target, the U.S.'s second-largest discounter, acknowledged in December that data connected to about 40 million credit and debit card accounts was stolen as part of a breach that began over the Thanksgiving weekend. Even Goodwill Industries Inc. found itself announcing last month that shoppers' payment card data might have been stolen.

Ticket-sellers also have been targeted. The event ticketing service Vendini last month settled a class action lawsuit related to a data breach in 2013.

Since many people use the same passwords at multiple retailers, hackers who get hold of a password for one site often try it at another, Lehrman said.

Authorities generally advise consumers to protect against possible identity theft from such breaches by keeping close watch on their bank statements and using credit card monitoring services, among other tips.