The accounts of more than 1,000 StubHub users have been hacked by cyberthieves who have fraudulently made purchases on the online ticket reseller’s site, which is owned by eBay. News of the security breach was reported last night by the Associated Press.
A law enforcement official told the AP that arrests in this case are expected span across international borders.
StubHub claims the security breach didn’t occur on its site–rather, the cyberthieves accessed users’ personal information through other websites or malware on users’ computers. StubHub goes on to state that it identified the illicit transactions last year, contacted authorities, and issued refunds.
Manhattan District Attorney Cyrus Vance Jr. will hold a press conference today on the issue at 2 p.m. ET. Check back for updates.
UPDATE 2:58 P.M. ET 7/23/2014:
Manhattan District Attorney Cyrus R. Vance, Jr. has announced the indictment of six individuals involved in the StubHub security breach.
The statement from the DA’s office acknowledges StubHub taking action last year by reporting the unauthorized purchases to authorities.
However, investigators learned that the criminal ring was able to circumvent security protocols within the accounts by using new credit card information stolen from additional victims, instead of the original victims’ preexisting card information. After investigating the receipts and transaction records of more than 1,600 illegally accessed accounts, analysts in the DA’s Office were able to trace the exchanges to internet protocol addresses, PayPal accounts, bank accounts, and other financial accounts used and controlled by the indicted individuals.
Read the DA’s full statement here.