Thanks for choosing Orange County Computer, Inc.

949-699-6619 | 8am – 5pm Monday – Friday : Saturday by Appointment

Orange County Computer INC.
  • OCC Home
  • About Us
    • Blog
    • Location
    • Testimonials
    • Partners
    • Computer Repair Warranty
  • Contact Us
    • Customer Referral Program
  • Tech Center Services
    • Desktop Repair
    • Laptop Repair Services
    • Virus Removal
    • Tech Support Services
    • Data Recovery
    • E-Waste Recycling
    • Disaster Recovery
  • Business IT Services
    • Enterprise WiFi Solutions
    • Managed Services
    • Software Licensing
    • Why Choose a Microsoft Partner
    • Software Application Development
  • Technologies
    • Disaster Recovery Solutions
    • Data Backup & Storage Solutions
    • Offsite Backup
    • Software Support
    • Virtualization
    • Firewall & Security
    • Servers
  • Web Services
    • Domain Registrar
    • Hosting Services
    • Web Design
  • OCC Home
  • About Us
    • Blog
    • Location
    • Testimonials
    • Partners
    • Computer Repair Warranty
  • Contact Us
    • Customer Referral Program
  • Tech Center Services
    • Desktop Repair
    • Laptop Repair Services
    • Virus Removal
    • Tech Support Services
    • Data Recovery
    • E-Waste Recycling
    • Disaster Recovery
  • Business IT Services
    • Enterprise WiFi Solutions
    • Managed Services
    • Software Licensing
    • Why Choose a Microsoft Partner
    • Software Application Development
  • Technologies
    • Disaster Recovery Solutions
    • Data Backup & Storage Solutions
    • Offsite Backup
    • Software Support
    • Virtualization
    • Firewall & Security
    • Servers
  • Web Services
    • Domain Registrar
    • Hosting Services
    • Web Design

The root of the StubHub Breach was Stolen Passwords

Orange County Computer INC. > About Us > Blog > OCC News > The root of the StubHub Breach was Stolen Passwords

The root of the StubHub Breach was Stolen Passwords

An international cyber crime ring that defrauded online-ticket reseller StubHub of $1 million now face charges.

Six men face money laundering, identity theft and grand larceny charges for their role in the cybercrime ring. They defrauded StubHub, a subsidiary of eBay, by purchasing thousands of fraudulent e-tickets to popular concerts, sporting events and Broadway shows.

Police charged Vadim Polyakov, 30, of Russia and Nikolay Matveychuk, 21, of New York for using stolen account credentials to access StubHub accounts and then using stolen credit card numbers to purchase more than 3,500 fraudulent e-tickets. The tickets were to a variety of concerts featuring Elton John, Marc Anthony, Justin Timberlake and Jay-Z, according to Manhattan District Attorney Cyrus R. Vance, Jr., who announced the indictments Wednesday. Investigators believe the e-tickets were sent to a group of individuals in New York and New Jersey to be resold within hours of an event.

StubHub discovered the fraudulent purchases in March, investigators said. The men are believed to have obtained the usernames and passwords through either a data breach or the use of malware, StubHub said in a statement. Police believe the men also used new credit card information stolen from additional victims to circumvent security protocols within the accounts. Once the fraud was identified, StubHub added security measures to prevent account hijacking.

“Once fraudulent transactions were detected on a given account, affected customers were immediately contacted by StubHub’s Trust and Safety team and refunded any unauthorized transactions,” StubHub said in a statement. “We also assisted customers with changing their password to secure their account from further activity.”

The other men being indicted are believed to have played a role in a money-laundering scheme involving tra

Investigators traced the fund transfers from the PayPal accounts to Sergei Kirin, 37, a Russian national, who advertised money-laundering services online. Thousands of dollars were also split into separate payments and sent by wire transfer to other money-launderers in London, England and Toronto, Canada, investigators said.nsferring the proceeds through a global network of people in the United States, United Kingdom, Russia and Canada. Daniel Petryszyn, 28; Laurence Brinkmeyer, 29; and Bryan Caputo, 29, are charged with reselling stolen tickets they received from Polyankov. The money made from ticket sales were then directed to multiple PayPal accounts controlled by Polynankov, investigators said.

Polyakov was arrested July 3 at a hotel in Barcelona where he was vacationing and is being extradited to the U.S. to face the charges. Authorities in London and Canada also made arrests of people associated with the money laundering operation.

Stolen passwords are at the root of nearly every major data breach, according to forensics investigators and other security experts. It only takes seconds for an attacker to gain access to sensitive information protected by weak or default account credentials, according to the 2014 Verizon Data Breach Investigations Report.

The rising value of stolen account credentials has fed a litany of password breaches at online services, social networks and ecommerce sites. Ebay, which owns StubHub, reset the passwords of all 145 million users of its site in May following a security incident in which a stolen employee password led to a password breach and the personal information of account holders.

“Attackers have done a remarkable job of using social engineering to get users to run malware,” Sherman said.Technology alone cannot solve the issue, said Andrew Sherman, the security practice lead at New York City-based solution provider Eden Technologies. Organizations need to protect sensitive information and are starting to realize that system complexity leads to common configuration errors and weaknesses that lead to many security incidents, Sherman said. But people and end users need to be better educated and the processes involved should be thoroughly documented to identify the weakest points in the system that pose the biggest risk, he said.

Orange County Computer®, recommends having a different secure password for every site you access. Secure Passwords should be at least eight characters long and have a mixture of uppercase, lowercase, numbers, and special terms like !@#.  If you feel that your system or network may be at risk, or the security of your system has been compromised, contact the Cyber Security Experts at Orange County Computer® so we can minimize the damage. Call our Tech Center at (949) 699-6619 or visit us online at OrangeCountyComputer.com. We are happy to help.

15-Year-Seal_Silver

Information originally obtained from  CRN’s Robert Westervelt. View Robert Westervelt’s story here

← The Quest for a Culture of Data Security
Microsoft Will End Some Windows 7 Support →

Recent News

  • AdSense Fraud Campaign: Is your site infected?
  • Looking for a Windows 10 Download? You’re Out of Luck!
  • Celebrating 25 Years as a Technology Solutions Provider!
  • The Southwest Airlines IT Meltdown
  • ‘Tis the season… to avoid holiday scams!

Contact Us

Orange County Computer, Inc.

26150 Enterprise Way, Suite 400
Lake Forest, CA 92630

949-699-6619

Recent Posts

  • AdSense Fraud Campaign: Is your site infected?

    Last fall, website security and performance specialists Sucuri reported on a mal...

  • Looking for a Windows 10 Download? You’re Out of Luck!

    On January 31st, Microsoft stopped the direct sale of Windows 10 licenses on its...

Search

    • Home
    • Site Map
    • Remote Support