EBAY TICKET SERVICE Stubhub has followed the lead of its parent and confessed to a customer password heist.
eBay had its own password issue recently and handled it like a robot with paddles for hands might handle a greased pig.
Eventually it tackled the situation by actually resolving it, and we might have assumed that eBay's password protection status was at least back to amber level.
Not so. Stubhub, the firm's ticket selling arm, has been shipping more than tickets to see Little Direction, La Lorde and Shaggy.
According to Manhattan district attorney Cyrus Vance, Jr, a cybercrime ring ran rampant through the service, swiping personal details and other information.
At least they did. The district attorney said that six individuals have now been indicted for the spree, adding that they have reach into the US, UK and Russia.
"Cybercriminals know no boundaries - they do not respect international borders or laws. Today's arrests and indictment connect a global network of hackers, identity thieves, and money-launderers who victimized countless individuals in New York and elsewhere," said Vance.
"The coordinated actions of law enforcement officials in New York, New Jersey, the United Kingdom, and Canada demonstrate what can be achieved through international cooperation. I thank all of our partners, including the City of London Police, Royal Canadian Mounted Police, the United States Secret Service, and the NYPD for their integral assistance with this investigation."
Indicted are Vadim Polyakov, 30, of Russia and Nikolay Matveychuk, 21, Daniel Petryszyn, 28, and Daniel Petryszyn, 28, of New York, Bryan Caputo, 29, of New Jersey, and Sergei Kirin, 37, again of Russia,
As well as the six indictees, three men, aged 27, 39, and 46, were arrested in London on suspicion of money laundering offenses and taken to local police stations for questioning. They are not named.
"This is an important investigation, targeting cyber criminals who are believed to have defrauded Stubhub out of $1m, by hacking its United States' customers' accounts to fraudulently purchase and sell tickets, and then laundered their criminal profits through legitimate UK bank accounts," said City of London police commissioner Adrian Leppard.
"The coordinated arrests in New York and London highlight how law enforcement will work globally to protect legitimate businesses and consumers from cyber-enabled fraud through the relentless pursuit of suspected criminals."
Stubhub acknowledged the assist and thanked the boys in blue for their efforts. It said that the situation affected small parties, with some impact. The takeaway is that affected customers are already in secure hands, and their assailants, mostly, are in the hands of the police.
"It is important to note, there have been no intrusions into Stubhub technical or financial systems. Legitimate customer accounts were accessed by cyber criminals who had obtained the customers' valid login and password either through data breaches of other businesses, or through the use of key-loggers and/or other malware on the customers' PC[s]," it said.
"Our customers are our number one priority. Once fraudulent transactions were detected on a given account, affected customers were immediately contacted by Stubhub's Trust and Safety team and refunded any unauthorised transactions. We also assisted customers with changing their password to secure their account from further activity."
This incident, like so many before it, serves as a reminder to use strong passwords across the board, and mix them up.
"A stolen password may reveal the formula to all of your other passwords, or worse, give hackers immediate access to those accounts that use the exact same password," said Troy Gill, senior security analyst at Appriver.
"Stubhub, for example, stated that online thieves did not break through its security, but rather gained access into accounts from data breaches at other websites or from keylogging software or other malware." µ