CBS2-Header-Logo WFAN 1010WINS WCBS tiny WLNYLogo
UN GENERAL ASSEMBLY - Latest News | Getting Around Town | Traffic Map | Listen Live: WCBS 880 | 1010 WINS

News

Manhattan DA: Thieves Got Into More Than 1,000 StubHub Accounts

TRI-STATE NEWS HEADLINES

From our newsroom to your inbox weekday mornings at 9AM.
Sign Up

NEW YORK (CBSNewYork/AP) — Six people have been indicted in an international ring that managed to take over more than 1,000 StubHub users’ accounts and fraudulently buy tickets for events through the online ticket reseller, Manhattan District Attorney Cyrus R. Vance Jr. said.

The thieves would buy tickets to prime events, such as Jay-Z and Elton John concerts, a New York Yankees-Boston Red Sox game, the U.S. Open and sold-out Broadway shows like “The Book of Mormon,” and then resell the tickets and split up the proceeds, Vance said.

Manhattan DA: Thieves Got Into More Than 1,000 StubHub Accounts

452564364 Manhattan DA: Thieves Got Into More Than 1,000 StubHub Accounts
Juliet Papa reports

“Today’s arrests and indictment connect a global network of hackers, identity thieves and money-launderers who victimized countless individuals,” Vance said at a news conference Wednesday.

He said investigators pored over more than 1,600 compromised accounts to trace the accused thieves via Internet protocol addresses, PayPal accounts, bank accounts and other financial accounts around the world.

Manhattan DA: Thieves Got Into More Than 1,000 StubHub Accounts

452564414 Manhattan DA: Thieves Got Into More Than 1,000 StubHub Accounts
Irene Cornell reports

Money stolen in the scheme, in ticket value, was at least $ 1.6 million, Vance said.

In addition to the six people indicted in the New York City case, four others have been arrested internationally: three in London and one in Toronto, under charges in their respective countries, Vance said.

StubHub said it was alerted to “a small number of accounts that had been illegally taken over by fraudsters” last year and the online ticket seller began working with authorities around the world.

StubHub, which is based in San Francisco, said that the thieves didn’t break through its security — rather, they got account-holders’ login and password information from data breaches at other websites and retailers or from key-loggers or other malware on the customers’ computers, spokesman Glenn Lehrman said.

“It is important to note, there have been no intrusions into StubHub technical or financial systems,” Lehrman said. “We are pleased to be able to play a role in this effort as part of StubHub’s continuing commitment to maintaining safe and open markets for fans to buy and sell tickets.”

StubHub gave the affected customers refunds and help changing their passwords, Lehrman said.

Ticket buyer Joseph Gaebler said the news won’t scare him away.

“I think I’m willing to take the risk for the added convenience,” he told CBS 2’s Kristine Johnson.

Julia Reineke, however, said she’ll think twice.

“I’m shocked and I don’t feel safe buying stuff on StubHub anymore,” Reinke said.

StubHub, owned by eBay Inc., is the leading digital marketplace for reselling concert, sports, theater and other tickets, offering brokers and fans a way “to buy or sell their tickets in a safe, convenient and highly reliable environment,” as its website pledges. The company, which serves as an official secondary ticket market for such entities as Major League Baseball, this spring unveiled plans to become an event producer itself, selling tickets to a handful of its own concerts.

News of the arrests comes amid growing concern about data thieves targeting retailers and other consumer giants.

In the last few years, major companies such as Target, LinkedIn, eBay and Neiman Marcus have been hacked. Target, the nation’s second-largest discounter, acknowledged in December that data connected to about 40 million credit and debit card accounts was stolen as part of a breach that began over the Thanksgiving weekend. Even Goodwill Industries Inc. found itself announcing last month that shoppers’ payment card data might have been stolen.

Ticket-sellers also have been targeted. The event ticketing service Vendini last month settled a class action lawsuit related to a data breach in 2013.

Since many people use the same passwords at multiple retailers, hackers who get hold of a password for one site often try it at another, Lehrman said.

Authorities generally advise consumers to protect against possible identity theft from such breaches by keeping close watch on their bank statements and using credit card monitoring services, among other tips.

You May Also Be Interested In These Stories:

(TM and © Copyright 2014 CBS Radio Inc. and its relevant subsidiaries. CBS RADIO and EYE Logo TM and Copyright 2014 CBS Broadcasting Inc. Used under license. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed. The Associated Press contributed to this report.)