Company Details
stubhub
1,653
58,200
5112
stubhub.com
0
STU_6148738
In-progress

StubHub Company CyberSecurity Posture
stubhub.com

At StubHub, our mission is to give everyone the freedom to access and connect through live experiences. As the world's leading live event marketplace, we connect fans, sellers, and partners globally, providing access to an expansive catalog of events across more than 90 countries and territories. In 2024 alone, fans purchased over 40 million tickets from more than 1 million unique sellers on our marketplace. Operating in 33 languages and offering transactions in 48 currencies, StubHub ensures that fans everywhere can discover and attend events seamlessly, no matter their location. From sports and music to comedy, dance, festivals, and theater, we enable fans to access unforgettable experiences worldwide. Our trusted and secure platform guarantees a zero-breakage ticket-buying experience, supported by advanced pricing intelligence for fair and transparent ticketing. StubHub is redefining live entertainment through consumer-focused products, omnichannel marketing excellence, and unparalleled global selection. Ready to shape the future of live entertainment?
Between 650 and 699

StubHub Global Score (TPRM)XXXX

Description: StubHub, an online ticket exchange platform, suffered a significant cybersecurity breach by employees Tyrone Rose and Shamara P. Simmons, who exploited a backdoor in the system to resell nearly 1,000 event tickets, resulting in an estimated $635,000 in fraudulent profits. The compromised tickets spanned various high-profile events, including Taylor Swift’s Eras Tour, Ed Sheeran concerts, NBA games, and the US Open Tennis Championships. This incident not only led to financial loss but also damaged the company's reputation among its customers and partners.


StubHub has 132.56% more incidents than the average of same-industry companies with at least one recorded incident.
StubHub has 56.25% more incidents than the average of all companies with at least one recorded incident.
StubHub reported 1 incident this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breach, compared to industry peers with at least 1 incident.
StubHub cyber incidents detection timeline including parent company and subsidiaries



Despite the stock market's incredible September surge, IPO season has been relatively tame, at least compared to the first half.
StubHub's public debut is turning into a cautionary tale about IPO timing. The ticket reseller's shares have plummeted 18% from their $23.50...
Shares of cybersecurity company Netskope surged Friday, a day after they began trading on the Nasdaq.
StubHub shares fell for a third straight day after the company's IPO, a contrast to other recent debuts like Klarna, Figma and Circle.
StubHub's NYSE:STUB shares down 7.3% at $20.40, after falling as low as $20.05 early Thurs, a day after ticket-selling platform finished in...
Netskope IPO: Netskope, founded in 2012, develops cloud security software that helps businesses safeguard apps, websites and data from cyber...
Ticket reseller StubHub on Tuesday priced its initial public offering at $23.50, within its marketed range of $22 to $25 per share,...
Netskope lifted its share price range for its upcoming IPO to between $17 and $19, valuing the cybersecurity firm at $7.3 billion at the top...
WaterBridge Infrastructure raised $634 million in an initial public offering in the United States, the oilfield water management firm said...

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of StubHub is http://www.stubhub.com.
According to Rankiteo, StubHub’s AI-generated cybersecurity score is 686, reflecting their Weak security posture.
According to Rankiteo, StubHub currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, StubHub is not certified under SOC 2 Type 1.
According to Rankiteo, StubHub does not hold a SOC 2 Type 2 certification.
According to Rankiteo, StubHub is not listed as GDPR compliant.
According to Rankiteo, StubHub does not currently maintain PCI DSS compliance.
According to Rankiteo, StubHub is not compliant with HIPAA regulations.
According to Rankiteo, StubHub is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
StubHub operates primarily in the Software Development industry.
StubHub employs approximately 1,653 people worldwide.
StubHub presently has no subsidiaries across any sectors.
StubHub’s official LinkedIn profile has approximately 58,200 followers.
StubHub is classified under the NAICS code 5112, which corresponds to Software Publishers.
Yes, StubHub has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/stubhub.
Yes, StubHub maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/stubhub.
As of December 03, 2025, Rankiteo reports that StubHub has experienced 1 cybersecurity incident.
StubHub has an estimated 27,103 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Total Financial Loss: The total financial loss from these incidents is estimated to be $635 thousand.
Title: StubHub Ticket Fraud Breach
Type: Fraud
Attack Vector: Backdoor
Vulnerability Exploited: Backdoor in the system
Threat Actor: Tyrone Rose, Shamara P. Simmons
Motivation: Financial Gain
Common Attack Types: The most common type of attack the company has faced is Breach.
Average Financial Loss: The average financial loss per incident is $635.00 thousand.

Entity Name: StubHub
Entity Type: Company
Industry: Online Ticket Exchange

Backdoors Established: Yes

Root Causes: Exploitation of backdoor in the system
Last Attacking Group: The attacking group in the last incident was Tyrone Rose, Shamara P. Simmons.
Highest Financial Loss: The highest financial loss from an incident was $635,000.
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, a stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.
Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.
