The online ticket resale service Stubhub has revealed that fraudsters broke into the accounts of more than 1,000 of its customers and made purchases without their permission.
It is the second breach to have been disclosed by the business’s parent company, eBay, this year.
However, in this latest case the firm said its servers had not been hacked. Instead, it indicated, the thieves had used IDs obtained from other attacks. The suggestion is that the affected StubHub customers had shared their log-in details between different sites or had had their computers infected with malware that had copied their passwords. Stubhub spokesman Glenn Lehrman said that the company had worked with law enforcement officers across the globe over the course of the past year after being alerted to the problem. The Manhattan district attorney’s office is expected to hold a news conference later in the day to provide more detail. The Associated Press news agency reported that officials from City of London Police, the Royal Canadian Mounted Police and the US Secret Service would attend to provide information about arrests.
EBay made users change their passwords to its main online marketplace in May after revealing hackers had accessed a database containing names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth.