More than 1,000 StubHub customers have had their accounts hacked, an investigation has discovered.
The online ticketing firm - which is owned by eBay - confirmed the attack on over 1000 of its customers, who said that cyberattackers made ticket purchases using the user's details.
However, the San Francisco based company insisted that the hackers didn't penetrate its servers, but would have gained access to accounts via customers IDs the criminals would have garnered from various sources.
Early reports indicate that hackers gained the IDs from computers infected by malware that is designed to copy passwords, or from log-in details from other websites.
The City of London Police was part of the international investigation that discovered the illegal activity, alongside the US Secret Service and Canadian Mounted Police, with arrests expected to be announced in due course at Manhattan District Attorney Cyrus Vance's press conference.
StubHub allows users to buy and sell second hand tickets, much like the manner in which its parent site, eBay, operates.
This is the second time this year that eBay has had its security credentials compromised.
Usernames, passwords, email addresses, phone numbers, physical addresses and dates of birth were all stolen in an attack on eBay that took place between February and March, potentially affecting all 233 million users.
Cyberattackers were able to gain access to the database through employee login credentials, though it is not yet clear how such details were compromised.