Six charged over StubHub e-ticket heist for Elton John gigs Six suspected cybercriminals have been indicted over their alleged involvement in a hack attack on eBay-owned ticketing website StubHub. Thieves got into more than 1,600 of StubHub customers' accounts and used their credit card details to fraudulently buy tickets for events through the online ticket reseller. The scam - …
Unfortunately, with many users having poor password practices, attacks like this are only likely to increase
There are plenty of laws and rules surrounding financial institutions. Why shouldn't sites that are work with or gather financial data treat customers in the same manner corporate IT tends to treat users, enforcing password strength, forcing them to change on a regular basis, et cetera? I know this would not be popular among customers, so it would cause many to go to less secure sites as they would be easier to deal with unless there were some industry-wide requirement to have this in place in order to do business.
There has been plenty of discussion among El Reg readers concerning passwords and their use, so I am sure that someone will point out the error of my ways, but I would like just once to see government get ahead of a real problem instead of being completely reactive or, worse and more typical, manufacturing the crisis themselves.
You forgot the "sir" title, mouahahahahaha
They hacked to buy tickets with other people's cash then sold them, I guess on ebay .... JB and EJ fans, another group of fools who easily part with their cash. I mean, you can legally purchase the entire catalog of Elton John for the price of a seat - and do not say you see him ... from where you sit, he will be size of your fingernail.
I understand taste is a matter of ... taste, so I not start being subjective ...
I only hope that a change in the law, or in perceived "good" practice, never causes all e-commerce sites to start adding those stupid 'onpaste="return false"' parameters to their input fields, making it impossible to paste in such things as my debit-card number (it's 16 digits long for gods' sake, even if it were memorable it would be a pain to type every time) or (even worse) my password (if a password is even feasible to remember or to type, much less easy, it's nowhere near strong enough). As I explained this morning in a reply to an email from one such shite wondering why I never completed the order I was trying to place with them, if I encounter this or any other dumb and pointless obstacles to my ordering, I take my business to another site whose webmasters aren't so stupid.
The day all e-commerce entails jumping through such hoops will be the day e-commerce is dead as far as I'm concerned.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
