The US has charged six members of an international cyber crime gang that hacked into user accounts to defraud eBay's Stubhub ticket reselling website of about $1m.
The men were arrested in the UK, Canada and Spain in connection with the scam in which more than 1,600 StubHub users had their credit cards used to buy tickets, which were then sold on by the criminals.
The City of London police force said it had arrested three others in connection with the scam and Canadian police said they had arrested an additional suspected money launderer in Toronto.
Three of the men charged by the US so far are from Russia, while the rest are US citizens.
The scam, which was detected on Stubhub accounts in 2013, involved a "global cybercrime ring", according to New York County's district attorney office.
This is the second breach disclosed this year by eBay, which said Stubhub accounts had been accessed using login credentials collected in other data breaches or using malware victims’ computers.
The company said its servers had not been hacked and that as soon as fraudulent transactions had been detected, account holders had been contacted by Stubhub and refunded.
The criminal profits from the scam are believed to have been laundered through legitimate UK bank accounts, according to City of London Police.
Vadim Polyakov, 30, and Nikolay Matveychuk, 21m have been charged with money laundering and crimes relating to identity theft, according to the BBC.
The two Russians allegedly used information stolen fromStubhub's accounts, as well as credit card details stolen from other victims to purchase more than 3,500 tickets from the site.
They are accused of then passing the tickets to three men from New York and New Jersey.
Daniel Petryszyn, 28, Laurence Brinkmeyer, 29, and Bryan Caputo, 29, are charged with reselling the tickets and sending the proceeds to PayPal accounts and bank accounts in the UK and Germany.
One of these accounts is said to have belonged to Russian Sergei Kirin, 37, who is charged with laundering the cash.
Manhattan district attorney Cyrus Vance said criminal proceeds were also sent to other money launderers in the UK and Germany.
Robert Capps, a former head of global trust and safety for Stubhub and currently an executive at cyber security company, RedSeal Networks, said the co-ordinated crackdown should be used as the gold standard for future collaboration between private firms and the International law enforcement community.
“Collaboration at this scale is required to turn the tables on cyber criminals, and it should not be underestimated as to what was accomplished in this operation,” he said.
Such co-ordinated action, said Capps, demonstrated that criminals are no longer safe to travel and operate outside of their home country without significant risk of arrest and prosecution.
But, he said, cyber attacks and data breaches are still far too easy for attackers with even a moderate level of skill.
“We must continue working to make our systems and economy more resilient to attack, said Capps.
He said he had joined RedSeal Networks to work on this specific problem and to make it easier for network owners to protect their assets and defend against intrusion and data breach.
Read more on cyber fraud
- Cyber fraudsters net up to $3.75bn in Brazil
- Cyber crime a top fraud concern for UK business
- Five cyber attackers arrested over UK tax fraud
- Cyber thieves tap over €500,000 from European bank
- Eight hackers charged with $45m cyber fraud
- Identity theft linked to 60% of UK fraud in 2013
- Security researchers uncover global cyber fraud gang