Slashdot Mirror
Ebay Hacked, User Info Posted
An anonymous reader writes "This morning a hacker posted the personal contact information and credit card data of 1,200 ebay users on the eBay.com Trust & Saftey forums. eBay pulled the Trust & Safety forums off line, but not before one user made a video of the hacked forums and posted it on youtube.com. eBay response is on the eBay chatter page, and seems to try and down play this "fraudster"'s activity."
1200 seems kind of low for the kind of community ebay's got.
So I wonder: are these 1200 users the kinds of people who post up an auction for a picture of a coveted item hoping to scam someone out of buku bucks? Are these users that took the money and ran? Or are these legitimate users caught in a genuine hack?
Can't watch the video, and the ebay PR rundown doesn't (and wouldn't) say, but since ebay happily protects fraudulent sellers and refuses to give defrauded buyers any means to recover their losses from the scammers it seems to me like this has potential to be a hacktivism move.
More Twoson than Cupertino
Perhaps a tad off topic, but a great tip nonetheless: check out the "virtual credit cards" you can get nowadays, they're excellent for protecting yourself from all kinds of online problems. The card works much like a disposable e-mail address; you create a virtual card with a unique card number that only exists for a very limited time and that has a defined (read: small) limit. You use that one-time card number to pay for the product you want and dispose of the card afterwards (or rather: forget all about the card afterwards). If someone hacks eBay and finds your number they'll never be able to get any money from it since the card is expired - and even if it's NOT expired, the credit (or rather debit) limit is maxed out.
I got mine for free from my bank and have used it for lots of online purchases - it's fucking awsome.
SIG: TAKE OFF EVERY 'CAPTAIN'!!
Ebay claims in TFA that the information was incorrect. In short, it's just a fraud, a scam, an attempt to get Ebay tech support and its customers riled up.
For geek dads: Contraction Timer
According to the youtube video it seems as though only those with usernames starting with a,b,j,k were effected.
Chances are I am wrong, but if thats the case then that narrows the list down, and I wouldn't have to worry.
The guy had to have either:
A) Made them up
B) Gotten them somewhere else.
Regardless, he's just a troll trying to create bad press for eBay.
Earn a % of cash back from Newegg, Tiger Direct, Walmart.com, and more: http://www.mrrebates.com?refid=458505
They called him a fraudster because the credit card info did not match the users card info, so they think its just a fake attempt to scare ebayers.
ebay owns paypal
I get EBay phish email all the time, and I get real EBay email all the time.
It's easy to tell them apart. EBay never ask for credit card information (they don't have it); the phishers always do. EBay know my name, and use it. The phishers don't.
...laura
Yesterday, I noticed I couldn't log in to my own fucking account. It kept saying my password was incorrect. I had to call up PayPal. I found out that all of my money in PayPal (I had around $7,000 USD) is gone. eBay won't let me know what happened and want to charge me seller's fees when I never even own what was sold! I suspect some low life has taken over my eBay, PayPal, and even my GMail account (same password because I have poor memory). PayPal says there is nothing they can do for me and that I owe them for the negative account balance and eBay for the seller fees.
I am really worried because my eBay name has been ruined with negatives from fraudulent sales and I depend on it to pay my bills. Now I have no money because some fucker took everything in PayPal so I can't pay my credit card bill which is due today. To all the people that are playing this down: Fuck you. Fuck eBay, too.
Trust & Safety forums issue this morning
Some of our readers may have learned of an issue that occurred early this morning on one of our discussion forums. I've been talking with our Account Security and Legal teams, and I'd like to share some more details about this incident.
Very early this morning, a malicious fraudster posted on the Trust & Safety forum on eBay.com posing as approximately 1,200 eBay users. The fraudster made these posts in a way that was intended to appear as though he logged in with their accounts. The posts contained name and contact information, which appears to be valid, and could have been secured as part of an account take over.
The posts ALSO appeared to contain credit card information -- however, these credit cards are not associated with financial information on file for these users at eBay or PayPal. We're in the process of reaching out by phone to these members to, so that if the information is valid somehow -- regardless how this fraudster acquired the information -- these members can take the steps they need to take to protect themselves.
eBay and our forums vendor, LiveWorld, began taking steps to remedy the situation within an hour after it started. As things evolved behind the scenes, a decision was made to make the the Trust & Safety forum unavailable to our Community. It's still temporarily inaccessible, as the teams work on this issue.
I'll update this story later as we have more to share.
Nope. I pay for listings and sales through paypal.
sig: sauer
Jumped the gun a little, here is the site
http://www.beachnet.com/~hstiles/cardtype.html
-William
God is everything science has yet to explain.
A fairly comprehensive list of affected ids is available at this site.
10001001111001110110011000011101110