eBay posted a warning on its announcement board Friday warning users that some third parties may have obtained limited information about selected PayPal customers, and is informing those customers affected.
"The information obtained includes first and last name, mailing address, email address, and information about the transaction. No personal financial information was disclosed. PayPal passwords, Social Security numbers, driver's license data, credit card numbers, or bank account numbers are protected because PayPal always encrypts this data and maintains it on secure servers that cannot be accessed by any merchant or third party."
eBay said the third parties that obtained the information may seek to use it to target users with a deceptive email appearing to come from PayPal or online merchants. These hoax emails, also known as phishing, attempt to trick recipients into giving out their financial information. Typically they are mass-mailed, but it's possible that fraudsters with users' personal information could launch a targeted phishing campaign.
Recipients are often unsure whether hoax emails are legitimate or not. If fraudsters could customize the mailings with the recipients' names and mailing address, it's possible even savvy users could succumb to the scam.
PayPal set up a dedicated email address and toll-free phone number for customer questions and concerns at customerservice@paypal.com or 1-866-648-5869. And eBay offers a "Spoof Tutorial" at http://pages.ebay.com/education/spooftutorial
