728_header.jpg (23748 bytes)
 Home   EB Blog   AB Blog   Letters   Podcasts   ABTV   Forums   EPIS   PR Service   Classifieds   Ecommerce EKG   Service Ratings   
  Subscribe    RSS Feeds    Twitter        Contact Us  Web Site  
Service Ratings 
   Auction Sites
   FP Marketplaces
   Inventory Management
   Payment Services
   Storefronts & Carts
   Sniping Services
   Wholesale/Dropshipping
   Email List Hosting
   Consignment Services
   Ecommerce EKG 
   Auction Calendar
   Collectors' Links
   eBay Promo History
   Bookshelf
   Fraud Resources
   Drop-Off Store Laws
   ABTV
   Ecommerce Resources
   Photo Tips
   Marketing Inserts
   Yellow Pages
   Advertising
EcommerceBytes-NewsFlash, Number 1630 - September 26, 2007 - ISSN 1539-5065     | Next
eBay Denies Security Breach after User Information Exposed
By Ina Steiner
EcommerceBytes.com
September 26, 2007


eBay closed its Trust & Safety discussion board for hours on Tuesday after threads began appearing listing the names and addresses of eBay members. eBay spokesperson Nichola Sharpe said, "We think the fraudster obtained the eBay User names and IDs from previous account takeovers." The credit card information that was published alongside 1,200 names, User IDs and addresses were not associated with the financial information on file for those users at eBay or PayPal, Sharpe said.

When asked if the "malicious fraudster," as eBay called the person behind the incident, might have been Vladuz, Sharpe said, "At this stage we are not confirming the identity of the fraudster." Last December, someone calling himself Vladuz began making claims that he had hacked into eBay, a claim eBay has denied. Some eBay users remain adamant in their belief that Vladuz has successfully hacked eBay.

In February and March of 2007, Vladuz posted on eBay boards using the pink line reserved for eBay employees. At the time, eBay confirmed a fraudster had obtained access to a handful of email accounts from some customer service representatives, but said the only information he had access to was information contained in emails. eBay said it keeps email servers separate from servers hosting member data (http://www.auctionbytes.com/cab/abn/y07/m02/i23/s01).

Sharpe said Tuesday eBay was in the process of proactively contacting members by phone, "so that if the information is valid somehow - regardless how this fraudster acquired the information - these members can take the steps they need to take to protect themselves." AuctionBytes contacted several users whose information was posted on the eBay Trust & Safety board on Tuesday. Those who checked said the address information was correct, but said the credit card numbers were not theirs.

Some have criticized eBay for posting information about the incident on its blog instead of on the company's Announcement boards. Others have wondered why it took eBay over an hour to react to the posts that exposed member data, despite their efforts to inform eBay of the matter.

When some users expressed fear their names might have been included in the postings, a few users posted a list of the User IDs affected by the incident on discussion boards. Some say eBay has removed at least some of those posts, and one member said eBay removed her About Me page after she posted a list of User IDs there. Those claims fuel some members' fears that eBay may try to sweep such incidents under the rug.

AuctionBytes was first to break this story:
http://www.auctionbytes.com/cab/abn/y07/m09/i25/s00

Readers react on the AuctionBytes blog:
http://blog.auctionbytes.com
You may quote up to 50 words of any article on the condition that you attribute the article to EcommerceBytes.com and either link to the original article or to www.EcommerceBytes.com.
All other use is prohibited.

Email Newsletter icon, E-mail Newsletter icon, Email List icon, E-mail List icon Sign up for our Email Newsletters

Email this story to a friend.

| Next

 EcommerceBytes Blog 
 AuctionBytes Blog 
 Letters to the Editor 
Related Stories 
Related Stories
  • eBay Addresses Vladuz Hacking Incident - February 22, 2007, Issue #1480
  • He's Baaack - Vladuz 'Hacker' Taunts eBay - February 23, 2007, Issue #1481
  • Vladuz 'Captcha Populator' Tool Doesn't Worry eBay, Mozilla - March 06, 2007, Issue #1488
  • eBay Auction Listing Swings Remain a Mystery - March 12, 2007, Issue #1492
  • Romanian Hacker Vladuz Makes Another eBay Housecall - March 14, 2007, Issue #1494
  • Scammers Use eBay's Message System to Troll for Victims - March 16, 2007, Issue #1496
  • FBI Cites Role in Arrest Related to Off-eBay Fraud - March 27, 2007, Issue #1503
  • Consumer Reports Releases Results of eBay Survey - July 03, 2007, Issue #1574
  • Spammers Harvest eBay Sellers' Email Addresses - August 21, 2007, Issue #1604
  • eBay Shuts Trust & Safety Board after Credit Card Numbers Exposed - September 25, 2007, Issue #1628
  • eBay Denies Security Breach after User Information Exposed - September 26, 2007, Issue #1630
  • eBay, PayPal and Yahoo Collaborate to Fight Phishing - October 04, 2007, Issue #1635
  • eBay Explains Security Hole Used by Hacker - October 09, 2007, Issue #1638
  • Hacker Email Address Used in Previous eBay Scams? - October 09, 2007, Issue #1638
  • eBay Hacker 'Vladuz' Arrested in Romania - April 18, 2008, Issue #1772

    • Discussion Forums 
    Have a question about buying or selling online? Want to get marketing or technical advice? AuctionBytes Discussion Forums are the place to come to get answers to your questions and get advice! Great tips - a refreshing change!

    Current Discussions:
     
    About Us      Privacy Policy      Link to Us      Partners      Our Writers      Write for Us      Press        Site Index

    Copyright 1999-. Steiner Associates LLC. All rights reserved.