Seven people linked to an international cybercrime ring were arrested for defrauding online-ticketing company StubHub of about $1.6 million.
The operation, which involved police forces from several countries, was tracking the cyber thieves for hacking into the online accounts of more than 1,000 StubHub customers to access tickets for events ranging from Yankee games to Jay-Z concerts, according to an Associated Press report. StubHub’s security team first alerted the district attorney’s office in Manhattan and the U.S. Secret Service about the criminal hacking operation, which was found to date back to 2012, according to NBC.
At a press conference on Wednesday in New York, Manhattan District Attorney Cy Vance, joined by officials from Canada and the UK, told reporters that the operation “reflects the increasingly global landscape in which financial and cyber criminals operate,” according to a Reuters report.
Three Americans were indicted for re-selling stolen tickets. Daniel Petryszyn, 28, of New York; and, Laurence Brinkmeyer, 29, and Bryan Caputo, 29, both from New Jersey, reportedly sold the tickets on websites such as StubHub, eBay, TicketsNow, Craigslist and, occasionally in person at concerts, Vance reportedly said.
The tickets ranged from concerts featuring Elton John, Justin Timberlake and Jay-Z to sporting events of the Yankees, Giants, Jets and Rangers, as well as Broadway shows such as “The Book of Mormon,” according to Reuters.
The officials also announced charges against a Russian national who was detained while vacationing in Spain. Three suspects were also arrested in London and another was detained in Canada. Vadim Polyakov, 30, the Russian arrested in Spain, is accused of being the ringleader, while Nikolay Matveychuk, 21, also of Russia, is charged with using stolen credit-card numbers to buy more than 3,500 tickets.
Ring leader Polyakov directed the three American men to deposit the fraudulently acquired proceeds into multiple accounts in the UK and Germany, according to prosecutors. One of the bank accounts belongs to Sergei Kirin, 37, a Russian who runs money-laundering services online and took a cut of the transactions’ proceeds, reports said.
The fraudulent purchases on StubHub, which is owned by eBay Inc. (NASDAQ:EBAY) and is based in San Francisco, were done using credentials stolen by hacking into other sites, and not by a breach of the StubHub site, Glenn Lehrman, a company spokesperson, told Reuters.
Customers often use the same password on multiple sites, making it easy for hackers to gain access to online accounts, authorities said. And, over the past year, major companies such as eBay, Target Corporation (NYSE:TGT), LinkedIn Corp (NYSE:LNKD) and Neiman Marcus have been hacked. Last month, another event-ticketing service Vendini of California settled a class-action lawsuit related to a data breach in 2013, NBC reported.