OTA and leading security organizations have been warning for years the danger of using similar combinations of the same password across multiple accounts. It is no surprise that StubHub customers are the most recent victims of a major account takeover scam perpetrated by an international cybercrime ring. The increase of data breaches (along with spearphishing) is driving an increase in account takeover incidents.
This method was used to steal over $10 million from StubHub by taking over more than 1,000 accounts legitimate accounts. We can’t stress this enough, use strong and unique passwords and when possible create unique user names for your different accounts.
Cyber criminals share data all over the web. Stolen account information and personally identifiable information can be found on the internet after most major data breaches. Cyber criminals take your username and password, then run a script on commonly used websites to see if you have the same login information on another site. They can also run thousands of combinations with similar yet slightly different passwords in seconds. OTA continues to support the promise of federated ID systems and the National Strategy for Trusted Identities In Cyberspace. We also encourage all members to adopt inbound and outbound email authentication to reduce spearphishing incidents. Share your thoughts.