Whatever IT is, you can find IT on eBay… including other members' private data, such as credit card numbers (with three-digit CVV2 numbers), user names, and contact information. Has eBay or PayPal been hacked? Or is this just a hoax staged by tricksters?
Hackers have posted personal information on 1,200 eBay customers to an eBay forum dedicated, ironically, to fraud prevention. The information, which displayed usernames, email details, credit card details, CVV2 numbers, phone numbers and home addresses to visitors, was up for around an hour this morning before eBay shut the message board down.
We have a huge list of possibly compromised eBay IDs; you can find it below along with discussion board screenshots.
In an effort to remove members' sensitive information, users frantically warned eBay of the post. eBay customer support replied, "eBay is currently working with LiveWorld to remove the posts and get this fixed. Thanks for your patience and understanding."
But patience wasn't enough for some users. The forums were flooded with comments such as "SHUT DOWN THE BOARDS NOW!" and "Shut the d*mn discussion boards down!": http://forums.ebay.com/db2/thread.jspa?threadID=1000565444&start=0
eBay was unable to remove the post, so the eBay forum was shut down at approximately 7:12 PDT this morning, one hour after the threads containing users' information were posted. The eBay forum was back online 5 hours and 10 minutes later with the posts removed.
Please check the list of possibly exposed eBay usernames. (This is a list of names that were known to have been posted by the hacker on a Trust and Safety board.)
eBay spokesperson Nichola Sharpe said Tuesday afternoon:
"Very early this morning, a malicious fraudster posted on the Trust & Safety forum on eBay.com posing as approximately 1,200 eBay users. The fraudster made these posts in a way that was intended to appear as though he logged in with their accounts. The posts contained name and contact information, which appears to be valid, and could have been secured as part of an account takeover.
The posts ALSO appeared to contain credit card information — however, these credit cards are not associated with financial information on file for these users at eBay or PayPal."
An official from eBay acknowledged that the names and contact information appeared to be valid and “could have been secured as part of an account takeover”, as opposed to a security violation of eBay’s or PayPal’s database.
eBay said that it is now in the process of contacting these users by phone so that they can “take the steps they need to protect themselves”.
Earlier this year, eBay experienced another security breach when a hacker calling himself Vladuz accessed the site’s private servers and posted as an eBay official on its forums.
eBay didn’t comment on whether the malicious user was “Vladuz”, a member who claimed to have hacked eBay last December, and who successfully posted to the forums in February and March using a special account type reserved for eBay employees. eBay admitted at that time that some customer service accounts had been compromised, but not user data.
Pay attention to the page numbers: 28 pages of personal information were exposed!
[list of posted eBay names was kindly provided by shenemanfamily.com]