728_header.jpg (23748 bytes)
Google  Web AuctionBytes  

Home
Subscribe
Blog
Podcasts
Forums
AuctionBytes TV
ABU Back Issues

Sponsor

COOL TOOLS

Calendar
eBay Fee Calculator
Collectors' Links
eBay Promo History
Bookshelf
Fraud Resources
Auction Site Fees
Auction Management
Payment Services
Storefronts Chart
Sniping Chart
Email List Hosting
Consignment Services
Drop-Off Store Laws
Ecommerce Resources
Photo Tips
Marketing Inserts
Yellow Pages
Classifieds

AUCTIONBYTES

Our Writers
Write For Us
Partners
Press
Advertising
About Us
Link To Us

Auctionbytes-NewsFlash, Number 1630 - September 26, 2007 - ISSN 1539-5065      | Next Story

eBay Denies Security Breach after User Information Exposed
By Ina Steiner
AuctionBytes.com
September 26, 2007
AddThis Social Bookmark Button

eBay closed its Trust & Safety discussion board for hours on Tuesday after threads began appearing listing the names and addresses of eBay members. eBay spokesperson Nichola Sharpe said, "We think the fraudster obtained the eBay User names and IDs from previous account takeovers." The credit card information that was published alongside 1,200 names, User IDs and addresses were not associated with the financial information on file for those users at eBay or PayPal, Sharpe said.

When asked if the "malicious fraudster," as eBay called the person behind the incident, might have been Vladuz, Sharpe said, "At this stage we are not confirming the identity of the fraudster." Last December, someone calling himself Vladuz began making claims that he had hacked into eBay, a claim eBay has denied. Some eBay users remain adamant in their belief that Vladuz has successfully hacked eBay.

In February and March of 2007, Vladuz posted on eBay boards using the pink line reserved for eBay employees. At the time, eBay confirmed a fraudster had obtained access to a handful of email accounts from some customer service representatives, but said the only information he had access to was information contained in emails. eBay said it keeps email servers separate from servers hosting member data (http://www.auctionbytes.com/cab/abn/y07/m02/i23/s01).

Sharpe said Tuesday eBay was in the process of proactively contacting members by phone, "so that if the information is valid somehow - regardless how this fraudster acquired the information - these members can take the steps they need to take to protect themselves." AuctionBytes contacted several users whose information was posted on the eBay Trust & Safety board on Tuesday. Those who checked said the address information was correct, but said the credit card numbers were not theirs.

Some have criticized eBay for posting information about the incident on its blog instead of on the company's Announcement boards. Others have wondered why it took eBay over an hour to react to the posts that exposed member data, despite their efforts to inform eBay of the matter.

When some users expressed fear their names might have been included in the postings, a few users posted a list of the User IDs affected by the incident on discussion boards. Some say eBay has removed at least some of those posts, and one member said eBay removed her About Me page after she posted a list of User IDs there. Those claims fuel some members' fears that eBay may try to sweep such incidents under the rug.

AuctionBytes was first to break this story:
http://www.auctionbytes.com/cab/abn/y07/m09/i25/s00

Readers react on the AuctionBytes blog:
http://blog.auctionbytes.com


Email this story to a friend.

| Next Story

Related Stories
  • eBay Addresses Vladuz Hacking Incident - February 22, 2007, Issue #1480
  • He's Baaack - Vladuz 'Hacker' Taunts eBay - February 23, 2007, Issue #1481
  • Vladuz 'Captcha Populator' Tool Doesn't Worry eBay, Mozilla - March 06, 2007, Issue #1488
  • eBay Auction Listing Swings Remain a Mystery - March 12, 2007, Issue #1492
  • Romanian Hacker Vladuz Makes Another eBay Housecall - March 14, 2007, Issue #1494
  • Scammers Use eBay's Message System to Troll for Victims - March 16, 2007, Issue #1496
  • FBI Cites Role in Arrest Related to Off-eBay Fraud - March 27, 2007, Issue #1503
  • Consumer Reports Releases Results of eBay Survey - July 03, 2007, Issue #1574
  • Spammers Harvest eBay Sellers' Email Addresses - August 21, 2007, Issue #1604
  • eBay Shuts Trust & Safety Board after Credit Card Numbers Exposed - September 25, 2007, Issue #1628
  • eBay, PayPal and Yahoo Collaborate to Fight Phishing - October 04, 2007, Issue #1635
  • eBay Explains Security Hole Used by Hacker - October 09, 2007, Issue #1638
  • Hacker Email Address Used in Previous eBay Scams? - October 09, 2007, Issue #1638
  • eBay Hacker 'Vladuz' Arrested in Romania - April 18, 2008, Issue #1772



  • Discuss this story in our forums.

    Ecommerce Podcasts

    Site Index
    Copyright 1999-2008. Steiner Associates LLC. All rights reserved