An attack of shill bidding frustrated some eBay sellers over the weekend and raised questions about eBay's ability to shield itself from mass bidding attacks from hackers using redundant User IDs. A top eBay seller said one of his music CDs, which usually sells for several dollars, had been "bid up" to over $12,000 on Saturday morning.
The eBay User IDs involved, which numbered at least 70, were similar in nature – p6hantrannguyenlong12637, tnguyen12603, wnguyen12606 - and were created between September 4 – 6, with Vietnam listed as the seller location.
The email addresses of the shill bidders all came from a domain called vnlife.com. A representative affiliated with vnlife.com told AuctionBytes that the site had apparently been hacked, and the site was taken down over the weekend.
AuctionBytes spoke to eBay spokesperson Kevin Pursglove on Saturday afternoon, who said he was unaware of the situation and would forward the information to his security team. Some of the User IDs affected in the shill bidding attack were NARU'd (suspended) by Monday morning, and it appeared all were suspended by Monday evening. Pursglove did not return phone calls Monday, and it is not clear whether eBay will automatically credit the accounts of the sellers affected by the attack.
In an unrelated event, the PayPal site was down for one-and-a-half hours Monday evening. PayPal is eBay's online payment subsidiary.
