Ebay Hacked, User Info Posted

An anonymous reader writes "This morning a hacker posted the personal contact information and credit card data of 1,200 ebay users on the eBay.com Trust & Saftey forums. eBay pulled the Trust & Safety forums off line, but not before one user made a video of the hacked forums and posted it on youtube.com. eBay response is on the eBay chatter page, and seems to try and down play this "fraudster"'s activity."

Whitehat?

[Applekid]

1200 seems kind of low for the kind of community ebay's got.

So I wonder: are these 1200 users the kinds of people who post up an auction for a picture of a coveted item hoping to scam someone out of buku bucks? Are these users that took the money and ran? Or are these legitimate users caught in a genuine hack?

Can't watch the video, and the ebay PR rundown doesn't (and wouldn't) say, but since ebay happily protects fraudulent sellers and refuses to give defrauded buyers any means to recover their losses from the scammers it seems to me like this has potential to be a hacktivism move.

Virtual credit card

[Big+Nothing]

Perhaps a tad off topic, but a great tip nonetheless: check out the "virtual credit cards" you can get nowadays, they're excellent for protecting yourself from all kinds of online problems. The card works much like a disposable e-mail address; you create a virtual card with a unique card number that only exists for a very limited time and that has a defined (read: small) limit. You use that one-time card number to pay for the product you want and dispose of the card afterwards (or rather: forget all about the card afterwards). If someone hacks eBay and finds your number they'll never be able to get any money from it since the card is expired - and even if it's NOT expired, the credit (or rather debit) limit is maxed out.

I got mine for free from my bank and have used it for lots of online purchases - it's fucking awsome.

Re:Virtual credit card

[0100010001010011]

No. I officially have 1 "Card". When I want another card I login to Citicards.com and go to the VAN (Virtual Account Number). They have a Flash online version or a 'local' version for XP. You then get a credit card number is defaulted to expire the next month. Even if it's the last day of the month (it's designed to be used immediately). The numbers can only be used once and you can additionally set up a limit on how much money the card is limited to and in how long it should expire. I usually just accept the defaults with reputable businesses. If the website looks a bit shady, I can limit the useage to Cost + $1.

Everything is tied to your main account, but if 'they' get the temp number, it's useless. It doesn't count towards having a new line of credit, maxing out your card (unless you max out your Account) or how long you've had the card. I think in the last year I've made 100+ of them. Used for everything for bills (Who in their right mind would send valid credit card information though the mail, then they have *everything*) To online orders.

Re:Fraudster?

[Judebert]

Ebay claims in TFA that the information was incorrect. In short, it's just a fraud, a scam, an attempt to get Ebay tech support and its customers riled up.

alphabetical

[htricia]

According to the youtube video it seems as though only those with usernames starting with a,b,j,k were effected.
Chances are I am wrong, but if thats the case then that narrows the list down, and I wouldn't have to worry.

One point to be made--

[Donniedarkness]

Ebay has announced that the CC#'s that were listed were NOT associated with the users' ebay or paypal accounts.

The guy had to have either:

A) Made them up

B) Gotten them somewhere else.

Regardless, he's just a troll trying to create bad press for eBay.

Re:Fraudster?

[PalmKiller]

They called him a fraudster because the credit card info did not match the users card info, so they think its just a fake attempt to scare ebayers.

Real Deal EBay

[spaceyhackerlady]

I get EBay phish email all the time, and I get real EBay email all the time.

It's easy to tell them apart. EBay never ask for credit card information (they don't have it); the phishers always do. EBay know my name, and use it. The phishers don't.

...laura

ebay Statement

[spacerog]

http://www.ebaychatter.com/the_chatter/2007/09/trust-safety-fo.html

Trust & Safety forums issue this morning

Some of our readers may have learned of an issue that occurred early this morning on one of our discussion forums. I've been talking with our Account Security and Legal teams, and I'd like to share some more details about this incident.

Very early this morning, a malicious fraudster posted on the Trust & Safety forum on eBay.com posing as approximately 1,200 eBay users. The fraudster made these posts in a way that was intended to appear as though he logged in with their accounts. The posts contained name and contact information, which appears to be valid, and could have been secured as part of an account take over.

The posts ALSO appeared to contain credit card information -- however, these credit cards are not associated with financial information on file for these users at eBay or PayPal. We're in the process of reaching out by phone to these members to, so that if the information is valid somehow -- regardless how this fraudster acquired the information -- these members can take the steps they need to take to protect themselves.

eBay and our forums vendor, LiveWorld, began taking steps to remedy the situation within an hour after it started. As things evolved behind the scenes, a decision was made to make the the Trust & Safety forum unavailable to our Community. It's still temporarily inaccessible, as the teams work on this issue.

I'll update this story later as we have more to share.

Re:Fraudster?

[kd5ujz]

Jumped the gun a little, here is the site
http://www.beachnet.com/~hstiles/cardtype.html