StubHub is an eBay company that deals with what’s called “secondary ticketing,” brokering the buying and selling of tickets to sporting events, music concerts, theatre shows and more.
The crooks, it seems, made their money by buying tickets fraudulently via compromised StubHub accounts, and then sending those tickets to scalpers who sold them “on the ground” shortly before each event was due to start.
According to a press release issued by the New York District Attorney’s Office, the crooks acquired usernames and passwords for more than 1000 StubHub accounts.
→ Exactly how the crooks got hold of those passwords is not known. Likely methods are: phishing, where victims are tricked into entering their real passwords on a fake site; through poor choice, where crooks simply guess at the passwords of victims who have chosen unwisely; or due to re-use, where a password stolen from one site turns out to work on other sites used by the victim. Picking proper passwords, and using them on one site only, helps a lot.
The crooks started off by buying tickets directly, using the credit card data already stored in their victims’ accounts.
That raised alarms, presumably because keen StubHub users knew what to expect on their credit card accounts, so the crooks added a twist.
They acquired stolen credit card credentials, uploaded those to the stolen accounts, and carried on buying tickets.
Although the fraudulent purchases would still show up in the victims’ StubHub accounts, they wouldn’t show up on the their credit cards.
By this trickery, the crooks allegedly scalped more than 3500 tickets in New York and New Jersey, thus turning the stolen tickets directly into cash.
Anyway, one of the accused was a certain Vadim Polyakov, who was arrested on 03 July 2014 while on vacation in Barcelona, Spain.
Polyakov has been waiting to see if he could avoid extradition to the US, but it seems his wait is over.
According to the Moscow Times, Spain will soon be sending him across the Atlantic to face charges in the US.
Chalk one up for the long arm of the law in this case…
Can’t view the video on this page? Watch directly from YouTube. Can’t hear the audio? Click on the Captions icon for closed captions.