Two Hackers Arrested for Stealing Taylor Swift Era Concert Tickets Worth $600k
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Two individuals were arrested this week in a sophisticated cybercrime operation targeting high-demand events. They were accused of orchestrating a $600,000 ticket theft scheme involving Taylor Swift\u2019s Eras Tour and other major concerts.\u00a0<\/p>\n
Queens District Attorney Melinda Katz revealed that Tyrone Rose, 34, and Shamara P. Simmons, 29, exploited security flaws in an offshore third-party ticket vendor\u2019s systems to intercept and resell over 900 digital tickets through StubHub.\u00a0<\/p>\n
The operation, which ran for nearly a year, leveraged URL session<\/a> hijacking and automated credential stuffing scripts to bypass vendor protections, marking one of the most technically complex ticket fraud cases in recent memory.<\/p>\n As stated by Deadline, the hackers allegedly targeted a Jamaica-based contractor responsible for managing ticket transfers for StubHub.\u00a0<\/p>\n Forensic analysts identified that the defendants used Python-based scraping tools to exploit insecure API endpoints<\/a> within the vendor\u2019s platform. <\/p>\n One script utilized the requests library to systematically harvest valid ticket URLs.<\/p>\n The script allegedly extracted direct ticket URLs by impersonating authorized users through compromised OAuth tokens.\u00a0<\/p>\n The stolen links were then transmitted to co-conspirators in Queens, who used Selenium automation to mass-download PDF tickets and list them on StubHub under fraudulent accounts. Security experts noted the operation combined social engineering and infrastructure vulnerabilities.<\/p>\n The offshore vendor\u2019s lack of IP rate-limiting and multi-factor authentication (MFA) allowed the hackers to brute-force employee credentials.\u00a0<\/p>\n Once inside, they deployed SQL injection payloads<\/a> to extract customer transaction records. This data enabled targeted attacks on high-value tickets, with resale prices averaging 300% above face value for Eras Tour seats.<\/p>\n The DA\u2019s cybercrime unit traced $612,000 in illicit profits through cryptocurrency wallets linked to Rose\u2019s Coinbase account.<\/p>\n Rose and Simmons face 15 felony counts, including first-degree computer trespass (NY Penal Law \u00a7 156.10) and grand larceny via unauthorized access (\u00a7 155.30).\u00a0<\/p>\n Prosecutors emphasized the defendants\u2019 use of offshore proxy servers and encrypted Telegram channels<\/a> to obscure their activities. StubHub has since mandated JWT token validation and reCAPTCHA v3 implementation for third-party integrations.\u00a0<\/p>\n The Queens DA\u2019s Economic Crimes Bureau is collaborating with INTERPOL to identify additional conspirators in Jamaica.\u00a0 Of the 917 stolen tickets, 68% were tied to Eras Tour dates at MetLife Stadium and SoFi Arena.<\/p>\n Affected fans may file claims under New York\u2019s Cybercrime Victim Restoration Act, though legal experts warn reimbursement could take 18\u201324 months.<\/p>\n As Swift\u2019s tour continues until 2025, industry leaders encourage fans to buy using verified platforms that use DMARC-certified email validation and blockchain-based<\/a> NFT tickets.<\/p>\n This case highlights the rising conflict between cyber criminals and live-event cybersecurity professionals in the post-pandemic concert industry.<\/p>\n The post Two Hackers Arrested for Stealing Taylor Swift Era Concert Tickets Worth $600k<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nTechnical Exploitation of Vendor Systems<\/strong><\/h2>\n
Collect Threat Intelligence on the Latest Malware and Phishing Attacks with ANY.RUN TI Lookup ->\u00a0Try for free<\/a><\/code><\/strong><\/strong><\/p>\n