728_header.jpg (23748 bytes)
Email Newsletter icon, E-mail Newsletter icon, Email List icon, E-mail List icon
Subscribe to our 2 FREE Newsletters!
Google  Web AuctionBytes  

Home
Subscribe
Blog
Letters to Editor
Podcasts
Forums
AuctionBytes TV
ABU Back Issues

Sponsor

COOL TOOLS

Calendar
eBay Fee Calculator
Collectors' Links
eBay Promo History
Bookshelf
Fraud Resources
Auction Site Fees
Auction Management
Payment Services
Storefronts Chart
Sniping Chart
Consignment Services
Drop-Off Store Laws
Ecommerce Resources
Photo Tips
Marketing Inserts
Yellow Pages
Classifieds

AUCTIONBYTES

Our Writers
Write For Us
Partners
Press
Advertising
About Us
Link To Us
Ina Steiner AuctionBytes Blog
News and insight focusing on
ecommerce and the online auction industry
by Ina Steiner, Editor of AuctionBytes.com
September 25, 2007
Perminate Link for Update on eBay Security Issue   Update on eBay Security Issue
By: Ina Steiner
Tue Sept 25 2007 14:07:47
eBay's Trust & Safety board remains closed after eBay took it down this morning when threads began appearing listing what appeared to be confidential user information. (See article here.)

We've contacted several people whose information appeared to be exposed in an effort to verify whether the information in the postings were correct. Multiple people have confirmed their address was correct. One person said the credit card number did not belong to him, and others have yet to get back to us to confirm their credit card number one way or the other.



Users have speculated that Vladuz may be behind the incident. While the posts did not contain the name Vladuz, they contained a line, "SGI Inc. - emocnI gnitareneG rof snoituloS." The letters are Solutions of Generating Income spelled backwards. When the Romanian hacker Valduz posted in February on the eBay boards, one of the names he used was Vladuzsgi.

eBay said at the time that while Vladuz had obtained access to a "handful" of customer service representatives' email accounts, he never hacked into the site or accessed any customer data.

We are still waiting to hear from eBay about this morning's incident.

Update: 9/25/07 2:45 pm Eastern
eBay's Chatter blog acknowledged the incident at 2:15 and stated that the credit card information that appeared in the postings was not linked to financial information on file for those users at eBay or PayPal.

Reading AuctionBytes Blog: Update on eBay Security Issue
Comments (72) | Permalink
Readers Comments

Update on eBay Security Issue   Update on eBay Security Issue
by: Wendy
Tue Sep 25 14:25:04 2007
Although I managed to copy 990 names before the site was closed, and although the informaton appears correct for the listings, just because a person's name doesn't appear on the list, means that they're safe.  Nobody knows how many names were compromised, only that 990 were posted.  A small percentage of eBay users, but since eBay isn't talking, we have to assume the worst.  Everyone's information has been compromised.  Don't leave it to eBay to correct this problem.
Update on eBay Security Issue   Update on eBay Security Issue
by: dimes
Tue Sep 25 14:37:12 2007
For the first time in memory, I'm getting an error message and the dreaded red 'X' when trying to post to a thread about this topic on the paypal discussion board:

An error occurred processing your message.


I'll bet it did.
Update on eBay Security Issue   Update on eBay Security Issue
by: Boycott Ebay
Tue Sep 25 14:41:06 2007
Definitely anyone should assume the worst since Ebay is clearly busy covering up. Message board posts yanked; About Me page with partial 'exposed members' list yanked; call Ebay and they hang up when you tell them you are concerned about this possible identity theft situation. If all is well, then what are they trying to hide?? Why take chances? Don't trust Ebay to fix this. Do it yourself.
Update on eBay Security Issue   Update on eBay Security Issue
by: hoosier
Tue Sep 25 14:43:15 2007
Wendy, please go to the SC board on ebay and post on one of the threads about this...people are wanting to know if their ID names are on that list.

Nothing else needs to be told ...just yes or no to a name.

So far you seem to have the more names than anyone else I have spoken to.
Thank you!!!!
Update on eBay Security Issue   Update on eBay Security Issue
by: Jennifer
Tue Sep 25 14:45:49 2007
My DB post letting others know I have a screenshot was pulled on the pretense that my signature line was in violation. Ha! I doubt that. Definite attempt to cover-up on eBay's part. Disappointing. I expected more professional behavior from them. I see I was expecting too much.
Update on eBay Security Issue   Update on eBay Security Issue
by: Terry
Tue Sep 25 15:30:33 2007
I expect Ebay should now do what they do best SWEEP it under the RUG. Wonder how big a rug they have? This is something that just won't GO AWAY by ebay pulling and deleting information posted on their boards. Funny how the MODERATERS have time for trivial matters but don't see something this important for what at least AN HOUR?? FIRE all the Board Moderaters and start over with compitant Mods.

Anyhow care to BUY or Sell something today? It is laughable.

Update on eBay Security Issue   Update on eBay Security Issue
by: dimes
Tue Sep 25 15:34:17 2007
Someone claiming to be vladuz has put up a  video of the posts on youtube.

http://www.youtube.com/watch?v=_q9m2iFsz9M
Update on eBay Security Issue   Update on eBay Security Issue
by: Boycott Ebay
Tue Sep 25 15:54:29 2007
(quote)by: dimes
Tue Sept 25 2007 15:34:17
Someone claiming to be vladuz has put up a  video of the posts on youtube.

http://www.youtube.com/watch?v=_q9m2iFsz9M (unquote)
Vladuz COMMENTED on that video. He did not post it. The person who posted the video is one of the good guys who frequently documents Ebay attacks and hacks. He is NOT Vladuz nor does he claim to be.

http://www.youtube.com/watch?v=_q9m2iFsz9M
Update on eBay Security Issue   Update on eBay Security Issue
by: IG
Tue Sep 25 16:10:43 2007
I don't know if my account was on the list, but I woke up to an e-mail from eBay saying that my account was compromised and had been used to send out messages.(only) I went through the routine of changing my password (which I assure you was not a ''weak'' one) and after logging back into eBay, and examining the sent messages, (which were ALL sent this morning 9/25/07) they all say:

web: (watyo77.com)
Mail: watyo77@hotmail.com
MSN: watyo77@hotmail.com
Best regards
 
Now, Doing a google search on ''watyo77'' shows not only that it is a Chinese company selling electronics, but also yielded several eBay auctions dated as early as 9/19 that have an identical ''question from e-bay member'' posted.

My point is: (A) I don't think that my password was hacked. I think that eBay's system was hacked into (circumventing my pwd). and (B) I think that this has been going on certainly since before today, since 9/19 and perhaps before that.
Update on eBay Security Issue   Update on eBay Security Issue
by: Fruity
Tue Sep 25 16:29:30 2007
Oh Wendy can't post the names of those who were compromised, not on any ebay site. The minute she does she will be permanently suspended from any ebay function. That is how Ebay handles the whistleblowers. But a reputable site outside of ebay where you can allow others to see if they are victims of this would be more appropriate and safer

Only on ebay do people have to live in fear of being hacked, fear of opening your mailbox or responding to people. And why is that? Is the technology not capable of ensuring user information or is the site not equipped to handle it? Whatever the case, being in fear benefits ebay. Skype will come down and save the day and when pitched as the tool of choice for secure transactions, they'll get high user adoption and it'll be a success!

Ebay has such POS user registration screening, anyone can get in to hijack & harvest your information. Most of those hackers and hijacks, those are from users that are either inactive/dormant or IDs that were registered years ago.
Update on eBay Security Issue   Update on eBay Security Issue
by: Fruity
Tue Sep 25 16:35:17 2007
Bill Cobb comes back & the hackers unleash hell. Coincidence? Maybe they're tired of his back talk and the management way of talking down to ebayers
Update on eBay Security Issue   Update on eBay Security Issue
by: dimes
Tue Sep 25 16:36:31 2007
Sorry for the misidentification, 'Boycott eBay'.  Sometimes it's difficult to tell the good guys from the bad, particularly when they both have to resort to similar methods of documenting eBay security breaches.
Update on eBay Security Issue   Update on eBay Security Issue
by: cornercube
Tue Sep 25 16:45:43 2007
LiveWorld, host to eBay Discussion Boards, has a content filter in place. Posts containing the phrase "credit card" are rejected.
Update on eBay Security Issue   Update on eBay Security Issue
by: Giovanni
Tue Sep 25 17:05:28 2007
@Dimsey. I posted that video.
I object to your misguided mis-characterization.

When has hack-Meister Vladuz posted a video?

When has Cappnonymous hacked ebay?

When has either acted similarly?
Update on eBay Security Issue   Update on eBay Security Issue
by: hoosier
Tue Sep 25 18:12:10 2007
Well Wendy can find my OT thread on SC and email me, I will then send her an off ebay email and we can go from there...:)
Been on ebay almost 8 years and have never seen this happen before to such a degree, have also never seen sales as slow as they have been all summer either.
Update on eBay Security Issue   Update on eBay Security Issue
by: dimes
Tue Sep 25 18:41:21 2007
Oh, please - let's not split hairs.

Vladuz has posted screencaps of hacked eBay info.  The fact that they're not animated doesn't mean they're not visual documentation of a security breach.

Or was it you who posted these?

http://i24.tinypic.com/14kicqp.jpg

http://i21.tin
ypic.com/v80gtu.jpg
Update on eBay Security Issue   Update on eBay Security Issue
by: Boycott Ebay
Tue Sep 25 19:28:00 2007
OK. Let's not split hairs but let's not shoot the messenger either. Cappnonymous has spent hours upon hours documenting this kind of attack on Ebay users. He has no motive but to see it stopped. We should ALL be so dedicated to that cause! Thank you, Giovanni.
Update on eBay Security Issue   Update on eBay Security Issue
by: A
Tue Sep 25 19:52:57 2007
Actually, with all the foreign spam we get is it any guess that ebay was hacked within the last month?
Update on eBay Security Issue   Update on eBay Security Issue
by: Jennifer
Tue Sep 25 20:34:38 2007
The YouTube video was not produced by the hacker. There were comments beneath that could have been from the hacker. This is not the first YouTube hacking video I've seen. They are community service spots. You can see that the user's sensitive info was protected in the video. Would a hacker do that? I swear I wonder where people's common sense is sometimes.
Update on eBay Security Issue   Update on eBay Security Issue
by: Wendy
Tue Sep 25 21:01:40 2007
As I'm sure you all know by now, the list has been promulgated by many sources.  I have about 990 names on my list, and tried to post them on eBay, but it was removed and I was warned under pains of suspension not to repost it.  I have not, but I did contact some of the people whose information I was able to view.  The responses have been eye-opening and I will no longer trust eBay with any correct personal financial information.
Update on eBay Security Issue   Update on eBay Security Issue
by: dimes
Tue Sep 25 21:03:13 2007
I’m not ragging on the guy for doing them – it’s great that he takes the time and effort to create these alerts.

Giovanni, at the risk of going off-topic for a minute, allow me to make a suggestion (as someone who works in the entertainment industry) that might help you get more exposure for your work, minimize any confusion about your intent in creating these videos, and help you build a reputation for the quality of the ‘product’ you create:

Establish a brand image.

Every one of your couple dozen videos posted on youtube could have a simple title card along the lines of ‘A Cappnonymous Public Service Video’.  

A reputable brand is a valuable thing to have.
Update on eBay Security Issue   Update on eBay Security Issue
by: DOC
Tue Sep 25 21:25:15 2007
Here are some screen shots..
http://www.ebaymotorssucks.com/vladuz-is-back-again.htm


And a partial user list..
http://www.ebaymotorssucks.com/ebay-users-info-compromised.h
tm

DOC
Update on eBay Security Issue   Update on eBay Security Issue
by: Greg
Tue Sep 25 21:56:39 2007
The best list I've seen since this morning, when I witnessed the postings, is here:

http://shenemanfamily.com/comp.html

This is ID's only. No personal info of any kind and it's fairly comprehensive as it was compiled from Screen shots by many people that colaberated to be certain that it was accurate.
Update on eBay Security Issue   Update on eBay Security Issue
by: Dennis
Tue Sep 25 23:18:36 2007
Hi Ina,

Thanks so much for your speedy coverage on this fiasco.

I have a glaring question however...

This isn't just about 15 credit card info posts, nor even 1,200 posts of user names and credit cards, both of which would be terrible. There is a much more serious and deeper issue.

The cracker may have gotten access to the mother lode database of userids, names, and credit card info.

What makes everyone think that the cracker ONLY GOT JUST THE INFO POSTED??! And what is eBay doing to close the likely hole and how long will it take them to close the hole(s)? Will they tell you when it is secure? I believe they won't tell the members anything further.

If the database was violated, then eBay needs to be honest with its customers about how exposed each member was to the cracker's attack beyond just showing 1,200 member's info to the public. As you inferred, it is likely the IDVerified etc. means the cracker got more than phishing info, rather, database access. And eBay suggesting that this was account takeover suggests that this person has been into 1,200
accounts to be able to do that... Is that credible? Did this cracker spend the hours and days logging into
each of 1,200 accounts so they could then embarass eBay and scare the members? Or is it more likely
this came from exactly one source - probably a database.

And what prevents the cracker from selling these accounts to thieves or posting them to some cracker shared resource of valid numbers, etc. assuming there are MORE than 1,200?? People need to be thinking about their exposure.

I have an account, didn't see the posts, don't know if my ID and info was posted, and even if it wasn't I am concerned that it could be compromised shortly if the cracker has more than was publicly shown probably as a taunt to eBay and a brag to fellow crackers.

I hope the Feds catch him/her quickly. But until then, the customers need to know that their info isn't necessarily safe even if they didn't get their hours in the spotlight.

All the best.
Update on eBay Security Issue   Update on eBay Security Issue
by: Sheila
Wed Sep 26 00:07:18 2007
Thanks, Greg, for the pat on the back for the webpage!  I've just updated it with the latest of names I've been sent, and it's up to 567 names.  Not even half of the ones known about.  

And I agree with other posts - just because your name may not be on the list doesn't mean you should completely relax.  I've yet to hear a credible theory of how this information was gathered and posted to begin with.

We would all be well served to change our passwords, and monitor our banking and credit card accounts very closely in the near future - if not out right cancelation of them all and replacements getting issued.
Update on eBay Security Issue   Update on eBay Security Issue
by: Richard Chemel
Wed Sep 26 01:06:28 2007
Ina, what concerns me most is 1) that eBay posted in the eBay Chatter about this incident, and not on the announcement board 2) that it happened to the security arm of eBay T & S. and after being notified it still took them over an hour to pull the posts down.

As an eBay seller and writer I just posted a story on this security breach. I cannot believe the spin that eBay's Press Rep gave You. Are we stupid? Once again, eBay tries to sweep this under the rug, and appears to be in denial. If someone can get into our personal info, why shouldn't we be really concerned. Can the same person get into Paypal too?

Take Care
Richard
Link to my story

http://eplay.typepad.com/eplay_online_sports_fanta/2007/0
9/ebay-trust-safe.html
Update on eBay Security Issue   Update on eBay Security Issue
by: just_passing_by
Wed Sep 26 04:29:28 2007
excellent read here!...

imo: insiders
Update on eBay Security Issue   Update on eBay Security Issue
by: Richard
Wed Sep 26 10:32:08 2007
Let's face it: eBay is over the hill, knows it and is desperately trying to do something about it.  I'm only a silver powerseller with about 7000 FB, but I've started diverting my sales away from eBay in favor of my own website and other uBid.  eBay clearly does not care about the sellers who make the money for them, or the buyers.  everything they do (and don't do) points in that direction.  Nuff said.
Update on eBay Security Issue   Update on eBay Security Issue
by: jsicolts
Wed Sep 26 10:52:22 2007
LOL. Love it. More ebay lies & baloney. DENY DENY DENY but abuse your sellers. We hate eBay. And actually sell MORE now on BETTER sites like eCrater, Alibris, Biblio, etc.
Update on eBay Security Issue   Update on eBay Security Issue
by: Richard Chemel
Wed Sep 26 11:29:15 2007
Ina...the statement eBay spokesperson Nichola Sharpe said, "We think the fraudster obtained the eBay User names and IDs from previous account takeovers"

is the most ridiculous statement from a PR Flak I have seen in years- EBAY THINKS?  "Thinks" is an term that suggests that eBay doesn't really know yet how the information was gotten.
The story is a sad commentary on eBay, and the handling to users and to the press is pitiful.

Update on eBay Security Issue   Update on eBay Security Issue
by: Sheila
Wed Sep 26 11:52:23 2007
Came across an internet article last night about how a large phishing attack was launched against eBay in August.  Timing would be about right, for this information gained via phishing to now be getting published on eBay.  There is currently another phishing attempt being conducted on eBay also, involving auctions associated with porn images.  When you click on the auction, to either look, or report the auction, you are redirected to an eBay "login" page which is not legit.  I don't know that the earlier phishing was behind this all...but it might have been.
Update on eBay Security Issue   Update on eBay Security Issue
by: Gina
Wed Sep 26 12:26:05 2007
I just found out about this about an hour ago.  I'm trying to read everything I can about it, but I still don't understand what I should do.  Is it recommended to completely cancel my seller account & establish a new one or to just get out of eBay and use other auction sites that are out there?  I've had my eBay identity frauded a couple times in the past 5 years, and don't want to deal with it again!
Update on eBay Security Issue   Update on eBay Security Issue
by: pj
Wed Sep 26 12:52:40 2007
Personally, I don't believe a word anyone says at Ebay.  I think that everyone at Ebay has had the ethics and integrity corrupted by their paycheck.  About a month ago, I received a 2nd chance offer.  I knew the seller and had purchased from him many times.  I had bid on the item, but had lost.  What my question was....how was I sent a second chance offer by a fraudster on an auction I bid on to the email address listed with my Ebay ID??  When I bid, it shows my Ebay ID, but it does not show my email address.  The sellers account had not been hacked...and he wouldn't have had my email address from that auction anyways...as I had not won.  The second chance I received came to the right email address for the ID and was not through Ebay's system.  I sent a letter to Trust & Safety....and they said in fact it was bogus and not to answer it (duh)...but completely mum as to HOW IT HAPPENED??!!
Now, I am dealing with another problem ''STEALTH EBAY POLICIES''..these are policies that are written NOWHERE ON EBAY, but that Ebay is enforcing on sellers and thereby delisting sellers good auctions(got an email from Trust & Safety verifying my comment).  Apparently, instead of publishing their new policies (say like on the General Announcement Board), Ebay is diseminating the information via backroom discussion boards, trade magazines (people may or may not get) and have employed the A.N.A. as their publicist, author and the AUTHORITY of their new policies (to bad Ebay didn't tell the A.N.A. that was their role in Ebay's Policies).  Way to step up ebay.  I may sell on ebay,,,,,but I am not confused....EBAY IS NOT MY PARTNER AND NOT MY FRIEND!!!  Ebay would sell me and any other buyer, seller, commercial industry or hobby, if it meant bigger profit dividends for their share holders!
Update on eBay Security Issue   Update on eBay Security Issue
by: Carol
Wed Sep 26 13:49:18 2007
Well, I'm still trying to find out if my user id was on that list. I've already changed passwords and deleted any personal info, although it won't help with this episode.
This does explain why in the past 3 weeks my PayPal account, bank account and one credit card have all been compromised to the point of being frozen -- and the only commonality between the 3 is eBay/PayPal.

Any updated lists or info?
Update on eBay Security Issue   Update on eBay Security Issue
by: Boycott Ebay
Wed Sep 26 13:53:01 2007
It seems that Ebay has a long reach and they are actively seeking to bury this story. The YouTube video produced by Cappnonymous and referenced here has been shut down. Anyone who still thinks Ebay has nothing to hide is a fool.
Update on eBay Security Issue   Update on eBay Security Issue
by: dimes
Wed Sep 26 14:40:23 2007
The pulldown itself may become a talking point that will get more exposure for the security breach by adding to the perception that eBay is trying to hide something.

What was the ‘terms of use’ violation that google is citing for the removal?
Update on eBay Security Issue   Update on eBay Security Issue
by: Sheila
Wed Sep 26 14:50:09 2007
www.shenemanfamily.com/comp.html updated.  1055 names.
Update on eBay Security Issue   Update on eBay Security Issue
by: Report this to privacy groups and media
Wed Sep 26 14:54:38 2007
I think everyone who has their hands on that list needs to contact CNET. They broke the news about AOl security breaches as well as Ebay when their crapolla servers broke down with outages (that ebay wouldn't fix until CNET put the screws on them) http://tinyurl.com/227bhq

This type of data breach can only be rectified when someone over at Ebay is embarassed enough in major media to take serious action at protecting the site. This is a major data breach. Ebay talks on capitol hill about its state of the art, leading edge internet security tactics. They BOAST about it their internet security on The House Committee on Energy and Commerce, one of the highest committees there is! It is time to take it outside of asking and begging ebay to do something. its time someone lost their end of the quarter bonus again. So get on the phone and call the hotline and tell them Ebay has allowed another data breach, this time of 900 users including credit card information. It doesn't matter what ebay says, whether it is credit card info or not. If it LOOKS LIKE IT then that is something this Committee is going to investigate. This is going to happen again and again until enough of us pick up the phone and say the same thing to the same people. If our names are not on the list now, do you want to take the change it will be on the next round?

Committee on Energy and Commerce
Phone: (202) 225-2927.

I called. Is keeping ebay safe important  enough for you to call also?
Update on eBay Security Issue   Update on eBay Security Issue
by: mad
Wed Sep 26 14:56:40 2007
Read Meg and her crew talk about how safe ebay is making the internet

http://tinyurl.com/2ybkn8
Update on eBay Security Issue   Update on eBay Security Issue
by: GiovanniV666
Wed Sep 26 15:15:21 2007
Hello everyone. The video has been pulled, as we all know, for alleged "Terms of Use" violations.
Funny part is that I have not heard a single PEEP from youtube as of what those violations may haver been, nor even a notice that it occurede, other that what we see on the page now.

The video lives on, see my blog at brave net for links. Please do not allow this important consumer safety issue to be swept under the ebay rug, as so many others seem to have been so very many times.

Thank you.
Giovanni
Update on eBay Security Issue   Update on eBay Security Issue
by: dimes
Wed Sep 26 15:30:06 2007
Giovanni, you might want to contact youtube and ask for the specific reason your public service video was pulled.

If they tell you it was done at eBay request and has anything to do with a copyright violation for displaying portions of eBay screens, contact the Electronic Frontier Foundation and ask for their advice about filing a DMCA counterclaim.   If they think you’ve got a valid case, they’ll make sure that everyone and their brother knows that eBay appears to be trying to suppress evidence of a security breach.  

http://www.eff.org/
Update on eBay Security Issue   Update on eBay Security Issue
by: GiovanniV666
Wed Sep 26 15:47:21 2007
Dimesy, I am not a lawyer or an orator and often have difficulty exprssing myself, furthermore I am not a typist, as you can see.
 The facts are clear, that was removed for no reason , and if there had been a valid reason, I would have/should have been notified. I really do not need the stress of additional canned email responses from another huge ivory tower.
If anyone else cares to pick up that torch, be my guest.
It is now time to adapt and keep moving.
BTW, I was born without a "style gland"
:)
Update on eBay Security Issue   Update on eBay Security Issue
by: dimes
Wed Sep 26 16:41:41 2007
The video is still available for viewing here:

http://www.firemeg.com/
Update on eBay Security Issue   Update on eBay Security Issue
by: JoeS
Wed Sep 26 17:33:47 2007
Ebay's actions (sweeping it under the rug and such) is all about protecting the investors and the stock price.

What about protecting your users Ebay???

Update on eBay Security Issue   Update on eBay Security Issue
by: DOC
Thu Sep 27 13:47:50 2007
Here is the video and the comments screen captured just before it was pulled..

http://www.ebaymotorssucks.com/pulled-ebay-hack-video.
htm
Update on eBay Security Issue   Update on eBay Security Issue
by: Melody
Thu Sep 27 17:24:14 2007
This was just posted on ebay thread called  IT NEVER HAPPENED on the Trust and Safety Board
It is a conversation with live help concerning the breach.
Post# 23
8:12:24 AM System
Steven S. S. has joined this session!
8:12:24 AM System
Connected with Steven S. S.
8:12:29 AM Steven S. S.
Hello, thank you for waiting and welcome to eBay Live Help! My name is Steven. If you’re a registered member, may I please start by having you confirm your User ID and first name?
8:12:43 AM jackie9978.
Hi, it's Jackie, Jackie9978.
8:13:19 AM Steven S. S.
Hi! Jackie. How are you today?
8:13:25 AM jackie9978
I've been better.
8:13:32 AM jackie9978
Are you ready for my question?
8:14:11 AM jackie9978
What protections is EBAY taking now that so many names and credit card numbers were allowed to be posted on one of your discussion boards? I know you want it to all disappear, but is EBAY safe or not?
8:14:19 AM Steven S. S.
O Sure!
8:15:39 AM Steven S. S.
May I have the link of the page you are referring to?
8:15:45 AM jackie9978
And, Steven S.S., why aren't you demanding that your ''boss'' bot issue a press release about this event that is causing many people to question the safety of ebay.
8:15:53 AM jackie9978
a link? You don't even know what happened on ebay?
8:16:56 AM Steven S. S.
I just need to make sure that the page you are viewing is of eBay.
8:18:08 AM jackie9978
Steven S. S., are you denying that EBAY allowed this awful thing to happen?
8:18:22 AM jackie9978
is EBAY safe or is EBAY unsafe?
8:19:49 AM Steven S. S.
Please be assured that eBay is a safe online trading site ad doesn't share any personal information.
8:20:13 AM jackie9978
Then, can you explain what happened yesterday on your Trust & Safety Discussion Board, please?
8:22:09 AM Steven S. S.
Sure.
8:23:59 AM Steven S. S.
Due to an exploit of a feature on the PayPal site, some eBay users’ contact information may have been exposed. As soon as we learned of this exploit, we worked very quickly to shut it down.
8:24:26 AM Steven S. S.
This occurred when eBay users clicked on the PayPal account signup URL from the eBay Web site. Third parties may have been able to enter an eBay ID and get the user’s contact information. [IF PRESSED, this information includes name, e-mail address, shipping information and phone numbers]
8:25:04 AM Steven S. S.
Information accessed did not include financial information like credit card numbers or bank account numbers. This information is kept under the highest levels of encryption on eBay’s and PayPal’s secure servers.
8:25:28 AM jackie9978
Then, why did that information appear on your Trust & Safety discussion board?
8:27:49 AM Steven S. S.
eBay and PayPal are very safe ways to buy and sell online. We have more than 2,000 professionals working to ensure the trust and safety of our systems every day. Because PayPal doesn’t share users’ financial information, privacy is built into the service.
8:28:06 AM jackie9978
Well, that isn't my question. You claim something never happened and it certainly did happen.
8:28:25 AM jackie9978
And, shame on you for trying to hide it. Just admit there was a mistake and FIX it so it does not happen again.
8:28:48 AM jackie9978
This wasn't a PAYPAL issue, this information was posted on YOUR boards.
8:30:02 AM Steven S. S.
As I said that it is pulled from there and it is possible that these unauthorized 3rd parties have posted this on the discussion board.
8:30:40 AM jackie9978
But, you said it never showed up on your website, which is false. Which is it? Was it a PAYPAL glitch or did EBAY permit this personal information to appear on your discussion boards?
8:33:14 AM Steven S. S.
It was due to a glitch as I mentioned.
8:33:29 AM jackie9978
lol, a ''glitch''.
8:34:01 AM jackie9978
So, Steven S. S., at first you denied it happened, then you called it a glitch.
8:34:04 AM Steven S. S.
This issue occurred when eBay users clicked on the PayPal account signup URL from the eBay Web site it was posted on the discussion board. The feature is designed to facilitate PayPal registration from eBay.
8:34:35 AM jackie9978
So, you're claiming that everyone who had their personal information posted did so by ''clicking a URL'' from a discussion board?
8:35:25 AM Steven S. S.
Not from the discussion board but when eBay users clicked on the PayPal account signup URL from the eBay Web site it was posted on the discussion board.
8:35:51 AM jackie9978
I see, so you're blaming PAYPAL for personal information of your users being posted on your discussion board?
8:36:00 AM Steven S. S.
Which I already cleared to you earlier and I didn't said it has not happened.
8:36:14 AM jackie9978
Steven S.S. doesn't that appear that you're simply passing the buck? Refusing to accept responsibility?
8:36:14 AM Steven S. S.
I just asked you the link of the page on which you saw it.
8:36:30 AM jackie9978
I saw it on Ebay's Trust & Safety discussion board approximately 24 hours ago.
8:36:41 AM jackie9978
That's your board, Steven S.S. not Paypal.
8:37:08 AM Steven S. S.
We are not playing a blame game but due to a glitch on the link it got posted on the discussion board.
8:37:12 AM jackie9978
You DID remove it, but the fact remains, EBAY permitted this information to be posted. And many people, myself included, are questioning the safety of EBAY.
8:37:30 AM jackie9978
So, Paypal redirected this information to your discussion board........
8:37:43 AM jackie9978
Steven S.S. that sounds so bizarre, is that the official story?
8:38:55 AM Steven S. S.
It was a glitch in the link on the eBay website link for PayPal because of which it got posted and which I already explained you many times.
8:39:15 AM jackie9978
Okay, it was a glitch on the EBAY link not Paypal now? Gotcha.
8:39:48 AM Steven S. S.
It's not that eBay knowingly allowed this to happen.
8:39:50 AM jackie9978
Steven S.S., don't you think EBAY should alert everyone that this ''glitch'' happened? And that you're taking precautions that it doesn't happen again?
8:42:35 AM Steven S. S.
I agree with you. However, it has been removed from the discussion board and our team is working on it.
8:42:58 AM Steven S. S.
Any update on this will be put on the announcement board to aware our members.
8:43:09 AM jackie9978
Steven S.S. acting as if it never happened isn't putting any faith into Ebay, but thank you for your time. Have a nice day.
8:43:40 AM Steven S. S.
You're welcome!
8:43:45 AM Steven S. S.
Is there anything else I can help you with today?
8:43:50 AM jackie9978
That will be all.

Update on eBay Security Issue   Update on eBay Security Issue
by: retired_seller
Fri Sep 28 00:01:31 2007
I stopped selling about a year ago.  One of my accounts appears on the list of hacked accounts.  The credit card info matches the info I used when I set up my seller account.  Fortunately it's no longer valid.

Ebay asks for credit card info when you start to sell but apparently does not ever check again to see if the info is still valid.  Therefore, the numbers posted by the hacker will be a mix of currently and formerly valid credit card numbers.

Also, I have now been sanctioned from posting to the discussion boards.  I was slapped six times for discussing hex codes and other encryption issues.  I was slapped four times for telling people that the best protection is to never ever click on a link in an email.  I was slapped six times for quoting or mentioning the names of posters whom I have been told have also been sanctioned.  Not bad for a mornings word, huh?
Update on eBay Security Issue   Update on eBay Security Issue
by: Louise
Fri Sep 28 09:53:34 2007
I am so frustrated by not having a verified answer on whether or not any of the credit card IDs are valid or not.

I don't believe eBay, but I wish Auctionbytes would do a follow-up now that people have had time to cancel the credit card numbers posted if they were good numbers in the first place.  I want to hear from an independent source that they were able to verify that a valid number was posted.  

I have now seen 4 posters report they were on the list and the numbers were valid.  And I would like to believe every one of them, but one of the most virulent anti-eBay posters has admitted to having 24 eBay IDs and considers Vladuz to be Robin Hood's first cousin, so I can't fully let go of my reservations.  

The post above sounds totally credible until that last paragraph and then it just starts to look like another person with eBay issues.  

I have a particular problem with this statement:  ''I was slapped four times for telling people that the best protection is to never ever click on a link in an email.''   I'm sorry, but you won't get slapped for that.  I can see slaps coming at you for mentioning sanctioned users, and possibly for the code discussion - although they would have to label it differently, but not for advice that eBay itself gives out.  Not multiple times.  Not even if you have a troll following you around reporting everything you post.  You got reported for something else, or there is something wrong with your story.  

I have posted lists of names, articles from Auctionbytes, little dialogues with Vladuz and have thrown the Vladuz name out there over and over again and I have yet to be slapped for any of it, although the two lists of names were pulled.

And don't tell me about the guy with the ipod purchase - he stated that the number he gave was ultimately denied, so his story just ended in a big question mark too.  I'm getting tired of not being able to get past that question mark.

Update on eBay Security Issue   Update on eBay Security Issue
by: bi08
Fri Sep 28 11:44:54 2007
....and today there was evidence of a new hacking. The Me page of eBay employee Scott Noyce was hacked and all his personal info was listed.

In addition, a link from the hacked me page led to a site which accused eBay of maliciously targeting and harassing their site because they had been critical of ebay in the past.

The Me page (and Trust and Safety board thread) have now been removed, though the Me page was up for at least 4 hours and the thread for an hour.

http://www.shenemanfamily.com/vlad2.html has been updated to show the latest compromised info
Update on eBay Security Issue   Update on eBay Security Issue
by: dimes
Fri Sep 28 13:18:24 2007
A hacker with a grudge must be the most dangerous kind of intruder.

I can see why he'd target the eBay employee who emailed that German website demanding that it remove its Vladuz page.

Wonder whose info we'll be seeing next.

Update on eBay Security Issue   Update on eBay Security Issue
by: vladuz
Fri Sep 28 14:03:05 2007
who's information would you like to see? ;p
Update on eBay Security Issue   Update on eBay Security Issue
by: helix
Fri Sep 28 17:20:20 2007
Hi Vladuz!
Just an idea.. the credit card and ccv2
numbers are correct?
But they are not on there right place?
Not belong to the respective account?
Update on eBay Security Issue   Update on eBay Security Issue
by: 0ctavia
Sat Sep 29 06:10:01 2007
Helix ... I'm not sure if that was Vladuz who posted the comment before yours as I received a message from Vladuz (definitely the real one) on Pheebay.com asking me to contact Ina re a message on here from "Vladuz", wanting it removed because he is not the author.
I think you are also a member of Pheebay.com so perhaps you would like to post a message in this thread for Vladuz http://www.pheebay.com/forums/viewtopic.php?t=3048
Update on eBay Security Issue   Update on eBay Security Issue
by: 0ctavia
Sat Sep 29 06:11:41 2007
Made it easier, you can click on my name to get to the thread :-)
Update on eBay Security Issue   Update on eBay Security Issue
by: 0ctavia
Sat Sep 29 06:13:06 2007
That didn't seem to work :p
Update on eBay Security Issue   Update on eBay Security Issue
by: louise
Sat Sep 29 08:54:11 2007
"...I received a message from Vladuz (definitely the real one) on Pheebay.com"

Octavia, I know you've got some loser on your site calling himself Vladuz and you and your regulars fawn on him in rather pathetic fashion every time he drops in on you, but how on earth do you know he's the real one?
Update on eBay Security Issue   Update on eBay Security Issue
by: chopsbuster
Sat Sep 29 14:36:17 2007
This was eBay's spiel on Wednesday, in 'The Chatter' blog:

''Each of these accounts was the victim of an Account Take Over, most likely through a successful phishing campaign. eBay has been in contact by phone with many of these members, and there is a My Messages email going out to impacted accounts to further our reach.''

That explanation was plainly untruthful.  If eBay honestly believed that the accounts had been hijacked, those accounts (all 1,200 of them!) would have been shut down immediately until they could be restored to their rightful owners.  That has always been eBay's policy in the event of account takeovers, as eBay's spokesman Hani Durzy told AuctionBytes on Feb. 23rd (http://www.auctionbytes.com/cab/abn/y07/m02/i23/s01), and indeed it's the only policy that makes sense.  To email a hijacked account, so that the email will be received by the hijacker rather than the true owner, is obviously absurd... yet that's what eBay claims to have done this week.

Join the discussion here: http://www.thecarwashlive.com/forums/showthread.php?t=6083
Update on eBay Security Issue   Update on eBay Security Issue
by: JC
Sat Sep 29 18:03:13 2007
I received a message from Vladuz (definitely the real one) on Pheebay.com asking me to contact Ina re a message on here from "Vladuz", wanting it removed  

I find this hilarious. The big, bad hacker has to have someone ask to have the post removed? Why can't he remove it himself - he is a "hacker" after all...
Update on eBay Security Issue   Update on eBay Security Issue
by: sandypurins
Sun Sep 30 04:26:46 2007
vladuz, My eBay ID is sandypurins... can you change my eBay ''me'' page or post my personal information on the eBay PayPal board?
Update on eBay Security Issue   Update on eBay Security Issue
by: GiovanniV666
Sun Sep 30 09:47:28 2007
:)

http://www.youtube.com/watch?v=7ZLEMuFwl_Q
Update on eBay Security Issue   Update on eBay Security Issue
by: GiovanniV666
Sun Sep 30 10:07:14 2007
One more thing, with regards to the "brand name" and ‘A Cappnonymous Public Service Video’ comments etc.

Everyone can go to youtube and search "consumer awareness". google my youtube name with the same terms.

If you folks don't like my style. Sorry.

Style is something that *runs in the jeans*

:p
Update on eBay Security Issue   Update on eBay Security Issue
by: vladuz
Sun Sep 30 10:29:56 2007
Style is something that *runs in the jeans*

So is diharrea ;p
Update on eBay Security Issue   Update on eBay Security Issue
by: 0ctavia
Sun Sep 30 11:28:38 2007
by: JC
Sat Sept 29 2007 18:03:13

I find this hilarious. The big, bad hacker has to have someone ask to have the post removed? Why can't he remove it himself - he is a "hacker" after all...

What, you would expect him to email Ina direct giving her all the details contained in an email header or hack into a site such as this ... why would he bother when he can ask someone through a pm system to do him a simple favour.
Update on eBay Security Issue   Update on eBay Security Issue
by: retired_seller
Sun Sep 30 12:41:50 2007
QUOTE: I have a particular problem with this statement:  ''I was slapped four times for telling people that the best protection is to never ever click on a link in an email.''   I'm sorry, but you won't get slapped for that.

--------------------------------

You are wrong, sorry.  I looked for the reasons and found five slaps.  The first two were for repetitive posts.  The third was for impersonating Ebay staff.  The fourth and fifth were for failing to follow staff intructions.

I posted to more than one board over several hours.  All of the slap emails came a few hours later, within a ten minute time frame.  The email that said I was indefinitely sanctioned came in before any other emails.  In the middle of the slap emails I also got a seven day sanction.  A total of five Ebay admins or mods signed off on the reports.

You picked the least important part of my other post to pick apart.  I wonder if you've ever posted to the Ebay boards because if you did you would know how stupid and illogical the report system is and how many posts get slapped for false complaints.
Update on eBay Security Issue   Update on eBay Security Issue
by: JC
Sun Sep 30 18:37:01 2007
quote: What, you would expect him to email Ina direct giving her all the details contained in an email header or hack into a site such as this ... why would he bother when he can ask someone through a pm system to do him a simple favour.

I suppose it's semantics, but what one person might consider a 'favour', another might consider aiding and abetting a criminal. Glad you're so free with your favours. Why don't you do eBay sellers a favour, and turn the information you have on this creep into authorities?
Update on eBay Security Issue   Update on eBay Security Issue
by: GiovanniV666
Sun Sep 30 18:50:11 2007
It is indeed time to turn some creeps into the authorities.
I recommend not wasting one more keystroke for the sake of ebay.
It is clear that this matter and related issues need Gov't intervention.

Ebay needs to be accountavble for all this. THe facts are clear, they have changed the sory too many times, censored, deleted, made unavailible too much info. They are not to be trusted.

Please everyone complain to Federal Law Enforcement, State AGs, etc, major media!
Update on eBay Security Issue   Update on eBay Security Issue
by: justme
Mon Oct 1 12:36:31 2007
I don't know how bad this is. But I do know this: From a group on the website, on ebay. It is a small group. Less than 50 people. Since Friday, we have had 3 people with cc or bank card registered on Paypal hacked into and charged! Yes this is real, these are all powersellers. People are just not posting on Ebay for fear.
So....is there anything that can be done?
These people are experienced ebayers, lots of feedback, they don't get hacked easyly by clocking on links or answering to emails. This happened directly from paypal!
Update on eBay Security Issue   Update on eBay Security Issue
by: vladuz
Sat Oct 6 16:15:13 2007
http://forums.ebay.com/db2/thread.jspa?threadID=2000445800

any questions???
Update on eBay Security Issue   Update on eBay Security Issue
by: Ecm
Sat Oct 6 20:29:55 2007
Vlad..post over on one of the Ebay message boards.  There are too many who still doubt whats happening.  It needs to be made a little clearer.
Update on eBay Security Issue   Update on eBay Security Issue
by: 0ctavia
Sun Oct 7 06:49:09 2007
For the further information of those who don't understand these things ...

Vladuz always seems to use proxy servers and it has proved impossible to track him.

A favour is when someone you know is being impersonated and you try to set the record straight.

Aiding and abetting a criminal is when you become involved in that criminal's activities.

Would you like a lawsuit against you for making false accusations against me?

And I have absolutely no doubt whatsoever that the Vladuz on Pheebay.com is the real deal.
Update on eBay Security Issue   Update on eBay Security Issue
by: 0ctavia
Sun Oct 7 06:56:30 2007
The second last comment in my previous post was aimed at JC by the way, and I would just like to point out that I keep an open mind on all subjects.

I would neither call myself a supporter nor a detractor when it comes to Vladuz. He has done me no wrong and I have no evidence to say the guy is either a devil or an angel.

It's also highly unlikely that any of us will ever know whether he is a genuine hacker or an eBay insider acting on instructions to spice things up on the eBay boards.

After all, such incidents could send the stock plummeting, which would be fine if you wanted to buy some eBay stock cheap.
Update on eBay Security Issue   Update on eBay Security Issue
by: Vlad impaler
Sun Oct 7 22:25:06 2007
I've figured out why vlad gets bored and does these things....all the prostitutes and hookers come from romania,leaving our vlad with no sisters or girlfriends to play with.I think they send them to turkey to "work".......at least you still have mommy to entertain you at night.


Leave your comment for
Update on eBay Security Issue
 
Name:
Email:
Link Email: No.   Yes.
Subject:
Web Site:
 5 9 8 0 2 0
Enter Code:
Comments:
   
Recent Posts

Recent Comments





Archives
Site Index
Copyright 1999-2009. Steiner Associates LLC. All rights reserved. Privacy Policy.


Powered by Perl Web Blog
© 2005/2009 Ranson's Scripts