Ebay Hacked!
If you’re an Ebay user, you may want to call your bank. On September 25th the popular online auction site was hacked. The hacker, posting as “Vlad”, was brazen enough to reveal himself by posting the usernames, contact info, and credit card/banking info of over 1,000 users on one of Ebay’s Community message boards, where it stayed up for several hours before the board was shut down by Ebay. The remaining message boards were buzzing with worried users, many of whom became frustrated with Ebay’s lack of public response to the breach. What is particularly troubling about this event is Ebay’s lack of response.
They have not, to anyone’s knowledge, contacted any of the members whose personal info was compromised, and in fact are remaining pretty tight-lipped about the situation, saying only that the person responsible is a “malicious fraudster”. They also claim the credit card info displayed by the hacker was invalid, but several user reports dispute that claim. ComputerWorld.com posted an article yesterday calling for Ebay to come clean and explain to its members exactly what happened and what is being done to prevent it from happening again. We can only hope that they do the right thing and stop what appears to be a large-scale cover-up.
If you had credit card or bank account info on file with Ebay, don’t take any chances. Call your CC provider and/or bank and tell them your info has been compromised. It may also be worthwhile to contact the major credit bureaus and have a fraud alert placed on your reports. Protect yourself!
September 28th, 2007 at 12:26 am
About ebay being hacked on 9/25/2007, I know what the alphanumeric sequences in the post titles mean!
When we register for ebay, the ebay database assigns us a 32-digit registration id which we do not see. If/when the user requests to close their account, after the waiting period, ebay changes the id to this 32-digit registration id. Here are some examples of some closed ids I pulled off feedback pages:
http://feedback.ebay.com/ws/eBayISAPI.dll?ViewFeedback2&userid=32ee799631e58e297911c0ac337d4da7&ftab=AllFeedback
http://feedback.ebay.com/ws/eBayISAPI.dll?ViewFeedback2&userid=1d46724bb22628b93c047e6115310636&ftab=AllFeedback
These 32-digit ids do NOT remain searchable under find member forever though, only for a brief timespan (I’m thinking a few months) after the account is initially closed. Some accounts I closed which had these sequences are now no longer searchable under the sequences which I was previously able to view.
I knew what those digits meant when I first saw them.
This means this info most likely came from ebay. This corresponds to the fact that the info posted included the EXACT time and date, right down to the second, that the user registered.