Hackers Made $600,000 Selling Stolen Taylor Swift Concert Tickets
A group that hacked into StubHub’s computer system and stole more than 900 digital event tickets – most of them to Taylor Swift’s wildly successful Eras tour that ended in December – reaped more than $600,000 in profit by reselling them on StubHub.
Two of those involved were arrested and arraigned in New York City, charged with such crimes as grand larceny, computer tampering, and conspiracy, according to the Queens District Attorney’s Office. At least one more person is being sought in Jamaica.
The scam involved employees working for a third-party contractor, Sutherland Global Services, in Kingston, Jamaica, who had access to the ticket vendor’s computer system. Between June 2022 and July 2023, they used a backdoor to gain entry to a secure area of the network that was used to assign URLs to tickets that had already been sold and prepare them to be emailed to the buyers for download.
One of the defendants, 20-year-old Tyrone Rose, and an unnamed and still-at-large accomplice redirected the URLs to a resident of Queens, New York, Shamara Simmonds, 31, and another person, who has since died. The New York residents downloaded the tickets and sold them on StubHub, pulling in $635,000.
Almost 1,000 Tickets Stolen
According to Queens DA Melinda Katz, the group in Jamaica intercepted about 350 StubHub orders that included 993 tickets. While most were for Swift’s concert tour, others were for events such as concerts by Adele and Ed Sheeran, NBA games, and the U.S. Open tennis tournament in New York City.
“These defendants tried to use the popularity of Taylor Swift’s concert tour and other high-profile events to profit at the expense of others,” Katz said in a statement. “They allegedly exploited a loophole through an offshore ticket vendor to steal tickets to the biggest concert tour of the last decade and then resold those seats for an extraordinary profit.”
The probe by her office is ongoing as investigators try to determine the extent of the conspiracy. Both Rose and Simmonds were arrested and arraigned February 27 and are due to return to court March 7. Rose reportedly was arrested while visiting New York and he surrendered his passport.
StubHub executives, in statements to news organizations, said they reported the problem to both Katz’s office and Sutherland, cut ties with Sutherland, and replaced or refunded all of the orders stolen in the heist.
Such Scams an Ongoing Problem
The case is the latest example of an ongoing concern about event tickets being stolen from online sites and resold, a problem that was only heightened last year by a massive data breach of Ticketmaster in which the personal data of more than 560 million customers was stolen. The ticket giant was one of more than 165 companies whose accounts with cloud storage vendor Snowflake were hacked by bad actors who found or bought exposed, legitimate credentials and used them to log in.
Albert Casares, CTO with cybersecurity company Constella Intelligence, wrote in a blog post last summer that, as a result of the Ticketmaster breach, threat actors obtained barcode data for hundreds of thousands of tickets to Swift’s Eras tour. The singer reportedly grossed more than $2 billion on the tour.
Protecting the Business
Aaron Hall, a business attorney in Minnesota who wrote a column in January about steps ticketing organizations should take to strengthen their businesses against ticket theft, said the crime, while it may appear minor, is about much more than individual losses.
“The growing prevalence of ticket resale platforms has created an environment ripe for fraud, complicating the landscape for event organizers and attendees alike,” Hall wrote. “Unscrupulous individuals exploit loopholes in the resale market, leading to significant revenue loss and damaging reputations.”
Such businesses need to adopt advanced technologies, such as blockchain to ensure authenticity and reduce the risk of fraud, and data analytics to identify patterns in ticket theft and create strategies for recovering lost revenue.
They also need to establish clear ticket validation processes and reporting protocols to rapidly address theft and minimize revenue loss, educate customers about safe ticket purchasing practices and buying tickets from legitimate sources, and work with law enforcement agencies and others in the industry to share intelligence.