Lessons from the StubHub Hack

picjumbo.com_IMG_4923_resized

As explained in their official news release, "Legitimate customer accounts were accessed by cyber criminals who had obtained the customers' valid login and password either through data breaches of other businesses, or through the use of key-loggers and/or other malware on the customers' PC." The cyber criminals accessed greater than 1500 accounts, purchasing thousands of tickets for concerts and sporting events and selling the tickets locally hours before the events.

This story has come to light recently, due to the fact that the hackers were just charged and indicted, even though the crime was detected back in March 2013. Rarely are the criminals tracked down or caught in these sagas, and almost never are there acts of retribution when a business or users are the prey of such an attack. Manhattan District Attorney Cyrus Vance explained, "Regardless of where the case originates, nearly every cybercrime case begins with similar breaches: a stolen password, unauthorized use of a credit card, or unaccountable charges on a personal statement."

CSO Online reported the breach in Antone Gonsalves’ take on July 24, 2014, “How to prevent a website compromise like StubHub”, where he brings up many measures enterprises can take to avoid being the next company making headlines in such a way. These include multi-factor authentication, improved password management in general, and IP address detection, to name a few. 

At Bitium, providing a Centralized Cloud Management platform means more than just give users single sign-on to all web tools or enterprise identity management. Of course, our customers expect these services --and we happily oblige -- but these are “table stakes” these days. The proliferation of SaaS, and therefore the transformation of how we work, how we make purchases, and ultimately how we live, demands that we think about access in new and innovative ways.