Cybercriminals Exploit StubHub Loophole to Steal and Resell Taylor Swift Eras Tour Tickets, Making Over $600K
A sophisticated cybercrime ring stole nearly 1,000 high-demand concert tickets—including those for Taylor Swift’s record-breaking Eras Tour—and resold them for hundreds of thousands of dollars, New York prosecutors revealed.
The international scheme originated in Kingston, Jamaica, where individuals working for a third-party contractor partnered with StubHub allegedly stole ticket URLs. These stolen tickets were then emailed to accomplices in Queens, New York, who downloaded and resold them at inflated prices for personal profit, Queens District Attorney Melinda Katz announced Monday.
The operation raked in over $600,000 in just one year, primarily by targeting the Eras Tour, which shattered records with $2.7 billion in ticket sales last year. But the fraud didn’t stop there—tickets for other major events like Adele and Ed Sheeran concerts, NBA games, and the U.S. Open Tennis Championships were also stolen and resold.
Last Thursday, authorities arrested two key players in the scheme:
- Tyrone Rose (20) from Kingston, Jamaica
- Shamara Simmons (31) from Queens, New York
Both have been charged with grand larceny, computer tampering, and conspiracy, facing up to 15 years in prison if convicted.
“These defendants exploited the immense popularity of Taylor Swift’s Eras Tour and other major events to line their own pockets,” Katz stated. “By manipulating a loophole through an offshore ticket vendor, they profited at the expense of fans who were desperate to attend these once-in-a-lifetime experiences.”
The investigation remains ongoing, with authorities working to uncover other potential co-conspirators. Meanwhile, the DA’s office urges any Queens residents who believe they were victims of cybercrime to come forward.
Cybercriminals Exploit System Vulnerability to Steal and Resell Nearly 1,000 StubHub Tickets, Making Over $635K
A sophisticated cybercrime operation infiltrated StubHub’s ticketing system, intercepting nearly 1,000 high-demand tickets—including those for Taylor Swift’s record-shattering Eras Tour—and reselling them for an illicit profit of $635,000, according to Queens District Attorney Melinda Katz.
How the Scheme Worked
Between June 2022 and July 2023, two employees of Sutherland Global Services (SGS)—a third-party contractor working with StubHub—allegedly exploited their access to the ticketing system. The individuals, identified as Tyrone Rose and an unapprehended accomplice, accessed a secure area where purchased tickets were stored before being emailed to buyers.
Instead of allowing the tickets to reach their rightful purchasers, the duo rerouted the ticket URLs to co-conspirators Shamara Simmons and another New York accomplice (now deceased). The tickets were then illegally downloaded and resold on StubHub for inflated prices.
StubHub Responds & Cuts Ties with SGS
StubHub confirmed that approximately 350 ticket orders, totaling 993 tickets, were compromised in the scheme. The resale platform identified the fraudulent transactions, refunded or replaced affected orders, and immediately terminated its partnership with SGS.
Crackdown on Ticket Fraud Amid Industry-Wide Security Concerns
The arrests come amid growing concerns over ticketing fraud and cybersecurity vulnerabilities in the entertainment industry.
- In May 2023, Live Nation disclosed that hackers breached a third-party cloud database containing Ticketmaster customer data, exposing the information of over 500 million users.
- Just one month later, a lawsuit accused companies of negligence, alleging that customer data was listed for sale on the dark web for $500,000.
- In October 2023, Ticketmaster users reported that their concert tickets mysteriously disappeared from their accounts. The company later blamed hacker activity targeting fan email accounts.
With ticket fraud on the rise, authorities are urging consumers to remain vigilant and report any suspicious transactions. Meanwhile, the investigation into the StubHub scam remains active, with officials working to identify additional accomplices.
The spokesperson noted that users’ passwords had not been exposed in the data incident earlier that year. The company advised users to protect themselves by “setting a strong unique password for all accounts – especially for their personal email which is where we often see security issues originate.”
“Scammers are looking for new cheats across every industry, and tickets will always be a target because they are valuable, so Ticketmaster is constantly investing in new security enhancements to safeguard fans,” Ticketmaster said in a statement.
