On Wednesday authorities wrapped up an 8 month long investigation into a hacking attack on the popular ticket exchange site Stubhub. The international investigation resulted a total of 10 people in New York, London and Toronto. 6 of the 10 involved in the international ring were arranged in Manhattten.
“Today’s arrests and indictment connect a global network of hackers, identity thieves and money-launderers who victimized countless individuals,” Manhattan District Attorney Cyrus R. Vance said at Wednesday’s news conference.
Stubhub was alerted to the attack in December of last year and quick contacted the authorities. The authorities sifted through over 1.000 customer accounts that were found to have been affect by the malicious scheme that stole information and made purchase that were estimate at $1.6 million or more. Some of the fraudulent purchases charge to the account were tickets to Jay Z and Elton John concerts, a New York Yankees-Boston Red Sox game and Broadway shows like The Book of Mormon.
“It is important to note, there have been no intrusions into StubHub technical or financial systems,” spokesman Glenn Lehrman said.
Much the same as other attacks that have hit other retailers, restaurants and e-commerce sites the attack didn't break into the main server. It was instead an ambush attack where the perpetrators will place malware at the checkout were it will latch-on to customer's accounts as they would buy or sell their tickets. The malware can then burrow into that persons computer to retrieve passwords, credit card information and other account information.
According to Stubhub they have reimbursed all of the customers that were victimized in the attack. They also helped those customers change their passwords. They didn't say if they were providing any type of account monitoring.
Authorities advise that advise keeping a close watch on back statements and use monitoring services. Other precautions that are advisable to help prevent other such incidents are to have updated security software, such as, firewalls, anti-malware and account encryption.