Ina Steiner AuctionBytes Blog
News and insight focusing on
ecommerce and the online auction industry

by Ina Steiner, Editor of AuctionBytes.com
September 25, 2007
Update on eBay Security Issue
By: Ina Steiner
Tue Sept 25 2007 14:07:47
eBay's Trust & Safety board remains closed after eBay took it down this morning when threads began appearing listing what appeared to be confidential user information. (See article here.)

We've contacted several people whose information appeared to be exposed in an effort to verify whether the information in the postings was correct. Multiple people have confirmed their address was correct. One person said the credit card number did not belong to him, and others have yet to get back to us to confirm their credit card number one way or the other.



Users have speculated that Vladuz may be behind the incident. While the posts did not contain the name Vladuz, they contained a line, "SGI Inc. - emocnI gnitareneG rof snoituloS." The letters are Solutions for Generating Income spelled backwards. When the Romanian hacker Vladuz posted in February on the eBay boards, one of the names he used was Vladuzsgi.

eBay said at the time that while Vladuz had obtained access to a "handful" of customer service representatives' email accounts, he never hacked into the site or accessed any customer data.

We are still waiting to hear from eBay about this morning's incident.

Update: 9/25/07 2:45 pm Eastern
eBay's Chatter blog acknowledged the incident at 2:15 and stated that the credit card information that appeared in the postings was not linked to financial information on file for those users at eBay or PayPal.

Readers Comments

Update on eBay Security Issue
by: dimes
Tue Sep 25 21:03:13 2007
I’m not ragging on the guy for doing them – it’s great that he takes the time and effort to create these alerts.

Giovanni, at the risk of going off-topic for a minute, allow me to make a suggestion (as someone who works in the entertainment industry) that might help you get more exposure for your work, minimize any confusion about your intent in creating these videos, and help you build a reputation for the quality of the ‘product’ you create:

Establish a brand image.

Every one of your couple dozen videos posted on youtube could have a simple title card along the lines of ‘A Cappnonymous Public Service Video’.  

A reputable brand is a valuable thing to have.
Update on eBay Security Issue
by: DOC
Tue Sep 25 21:25:15 2007
Here are some screen shots..
http://www.ebaymotorssucks.com/vladuz-is-back-again.htm

And a partial user list..
http://www.ebaymotorssucks.com/ebay-users-info-compromised.htm

DOC
Update on eBay Security Issue
by: Greg
Tue Sep 25 21:56:39 2007
The best list I've seen since this morning, when I witnessed the postings, is here:

http://shenemanfamily.com/comp.html

This is ID's only. No personal info of any kind and it's fairly comprehensive as it was compiled from Screen shots by many people that collaborated to be certain that it was accurate.
Update on eBay Security Issue
by: Dennis
Tue Sep 25 23:18:36 2007
Hi Ina,

Thanks so much for your speedy coverage on this fiasco.

I have a glaring question however...

This isn't just about 15 credit card info posts, nor even 1,200 posts of user names and credit cards, both of which would be terrible. There is a much more serious and deeper issue.

The cracker may have gotten access to the mother lode database of userids, names, and credit card info.

What makes everyone think that the cracker ONLY GOT JUST THE INFO POSTED??! And what is eBay doing to close the likely hole and how long will it take them to close the hole(s)? Will they tell you when it is secure? I believe they won't tell the members anything further.

If the database was violated, then eBay needs to be honest with its customers about how exposed each member was to the cracker's attack beyond just showing 1,200 members' info to the public. As you inferred, it is likely the IDVerified etc. means the cracker got more than phishing info, rather, database access. And eBay suggesting that this was account takeover suggests that this person has been into 1,200 accounts to be able to do that... Is that credible? Did this cracker spend the hours and days logging into each of 1,200 accounts so they could then embarrass eBay and scare the members? Or is it more likely this came from exactly one source - probably a database.

And what prevents the cracker from selling these accounts to thieves or posting them to some cracker shared resource of valid numbers, etc. assuming there are MORE than 1,200?? People need to be thinking about their exposure.

I have an account, didn't see the posts, don't know if my ID and info was posted, and even if it wasn't I am concerned that it could be compromised shortly if the cracker has more than was publicly shown probably as a taunt to eBay and a brag to fellow crackers.

I hope the Feds catch him/her quickly. But until then, the customers need to know that their info isn't necessarily safe even if they didn't get their hours in the spotlight.

All the best.
Update on eBay Security Issue
by: Sheila
Wed Sep 26 00:07:18 2007
Thanks, Greg, for the pat on the back for the webpage!  I've just updated it with the latest of names I've been sent, and it's up to 567 names.  Not even half of the ones known about.  

And I agree with other posts - just because your name may not be on the list doesn't mean you should completely relax.  I've yet to hear a credible theory of how this information was gathered and posted to begin with.

We would all be well served to change our passwords, and monitor our banking and credit card accounts very closely in the near future - if not outright cancellation of them all and replacements getting issued.
Update on eBay Security Issue
by: Richard Chemel
Wed Sep 26 01:06:28 2007
Ina, what concerns me most is 1) that eBay posted in the eBay Chatter about this incident, and not on the announcement board 2) that it happened to the security arm of eBay T & S. and after being notified it still took them over an hour to pull the posts down.

As an eBay seller and writer I just posted a story on this security breach. I cannot believe the spin that eBay's Press Rep gave You. Are we stupid? Once again, eBay tries to sweep this under the rug, and appears to be in denial. If someone can get into our personal info, why shouldn't we be really concerned? Can the same person get into Paypal too?

Take Care
Richard
Link to my story

http://eplay.typepad.com/eplay_online_sports_fanta/2007/09/ebay-trust-safe.html
Update on eBay Security Issue
by: just_passing_by
Wed Sep 26 04:29:28 2007
excellent read here!...

imo: insiders
Update on eBay Security Issue
by: Richard
Wed Sep 26 10:32:08 2007
Let's face it: eBay is over the hill, knows it and is desperately trying to do something about it.  I'm only a silver powerseller with about 7000 FB, but I've started diverting my sales away from eBay in favor of my own website and other uBid.  eBay clearly does not care about the sellers who make the money for them, or the buyers.  Everything they do (and don't do) points in that direction.  Nuff said.
Update on eBay Security Issue
by: jsicolts
Wed Sep 26 10:52:22 2007
LOL. Love it. More ebay lies & baloney. DENY DENY DENY but abuse your sellers. We hate eBay. And actually sell MORE now on BETTER sites like eCrater, Alibris, Biblio, etc.
Update on eBay Security Issue
by: Richard Chemel
Wed Sep 26 11:29:15 2007
Ina...the statement eBay spokesperson Nichola Sharpe said, "We think the fraudster obtained the eBay User names and IDs from previous account takeovers"

is the most ridiculous statement from a PR Flak I have seen in years- EBAY THINKS?  "Thinks" is a term that suggests that eBay doesn't really know yet how the information was gotten.
The story is a sad commentary on eBay, and the handling to users and to the press is pitiful.
Update on eBay Security Issue
by: Sheila
Wed Sep 26 11:52:23 2007
Came across an internet article last night about how a large phishing attack was launched against eBay in August.  Timing would be about right, for this information gained via phishing to now be getting published on eBay.  There is currently another phishing attempt being conducted on eBay also, involving auctions associated with porn images.  When you click on the auction, to either look, or report the auction, you are redirected to an eBay "login" page which is not legit.  I don't know that the earlier phishing was behind this all...but it might have been.
Update on eBay Security Issue
by: Gina
Wed Sep 26 12:26:05 2007
I just found out about this about an hour ago.  I'm trying to read everything I can about it, but I still don't understand what I should do.  Is it recommended to completely cancel my seller account & establish a new one or to just get out of eBay and use other auction sites that are out there?  I've had my eBay identity frauded a couple times in the past 5 years, and don't want to deal with it again!
Update on eBay Security Issue
by: pj
Wed Sep 26 12:52:40 2007
Personally, I don't believe a word anyone says at Ebay.  I think that everyone at Ebay has had the ethics and integrity corrupted by their paycheck.  About a month ago, I received a 2nd chance offer.  I knew the seller and had purchased from him many times.  I had bid on the item, but had lost.  What my question was....how was I sent a second chance offer by a fraudster on an auction I bid on to the email address listed with my Ebay ID??  When I bid, it shows my Ebay ID, but it does not show my email address.  The sellers account had not been hacked...and he wouldn't have had my email address from that auction anyways...as I had not won.  The second chance I received came to the right email address for the ID and was not through Ebay's system.  I sent a letter to Trust & Safety....and they said in fact it was bogus and not to answer it (duh)...but completely mum as to HOW IT HAPPENED??!!
Now, I am dealing with another problem ''STEALTH EBAY POLICIES''..these are policies that are written NOWHERE ON EBAY, but that Ebay is enforcing on sellers and thereby delisting sellers' good auctions (got an email from Trust & Safety verifying my comment).  Apparently, instead of publishing their new policies (say like on the General Announcement Board), Ebay is disseminating the information via backroom discussion boards, trade magazines (people may or may not get) and have employed the A.N.A. as their publicist, author and the AUTHORITY of their new policies (too bad Ebay didn't tell the A.N.A. that was their role in Ebay's Policies).  Way to step up ebay.  I may sell on ebay,,,,,but I am not confused....EBAY IS NOT MY PARTNER AND NOT MY FRIEND!!!  Ebay would sell me and any other buyer, seller, commercial industry or hobby, if it meant bigger profit dividends for their shareholders!
Update on eBay Security Issue
by: Carol
Wed Sep 26 13:49:18 2007
Well, I'm still trying to find out if my user id was on that list. I've already changed passwords and deleted any personal info, although it won't help with this episode.
This does explain why in the past 3 weeks my PayPal account, bank account and one credit card have all been compromised to the point of being frozen -- and the only commonality between the 3 is eBay/PayPal.

Any updated lists or info?
Update on eBay Security Issue
by: Boycott Ebay
Wed Sep 26 13:53:01 2007
It seems that Ebay has a long reach and they are actively seeking to bury this story. The YouTube video produced by Cappnonymous and referenced here has been shut down. Anyone who still thinks Ebay has nothing to hide is a fool.
Update on eBay Security Issue
by: dimes
Wed Sep 26 14:40:23 2007
The pulldown itself may become a talking point that will get more exposure for the security breach by adding to the perception that eBay is trying to hide something.

What was the ‘terms of use’ violation that google is citing for the removal?
Update on eBay Security Issue
by: Sheila
Wed Sep 26 14:50:09 2007
www.shenemanfamily.com/comp.html updated.  1055 names.
Update on eBay Security Issue
by: Report this to privacy groups and media
Wed Sep 26 14:54:38 2007
I think everyone who has their hands on that list needs to contact CNET. They broke the news about AOL security breaches as well as Ebay when their crapolla servers broke down with outages (that ebay wouldn't fix until CNET put the screws on them) http://tinyurl.com/227bhq

This type of data breach can only be rectified when someone over at Ebay is embarrassed enough in major media to take serious action at protecting the site. This is a major data breach. Ebay talks on Capitol Hill about its state of the art, leading edge internet security tactics. They BOAST about their internet security on The House Committee on Energy and Commerce, one of the highest committees there is! It is time to take it outside of asking and begging ebay to do something. It's time someone lost their end of the quarter bonus again. So get on the phone and call the hotline and tell them Ebay has allowed another data breach, this time of 900 users including credit card information. It doesn't matter what ebay says, whether it is credit card info or not. If it LOOKS LIKE IT then that is something this Committee is going to investigate. This is going to happen again and again until enough of us pick up the phone and say the same thing to the same people. If our names are not on the list now, do you want to take the chance it will be on the next round?

Committee on Energy and Commerce
Phone: (202) 225-2927.

I called. Is keeping ebay safe important  enough for you to call also?
Update on eBay Security Issue
by: mad
Wed Sep 26 14:56:40 2007
Read Meg and her crew talk about how safe ebay is making the internet

http://tinyurl.com/2ybkn8
Update on eBay Security Issue
by: GiovanniV666
Wed Sep 26 15:15:21 2007
Hello everyone. The video has been pulled, as we all know, for alleged "Terms of Use" violations.
Funny part is that I have not heard a single PEEP from YouTube as of what those violations may have been, nor even a notice that it occurred, other than what we see on the page now.

The video lives on, see my blog at brave net for links. Please do not allow this important consumer safety issue to be swept under the ebay rug, as so many others seem to have been so very many times.

Thank you.
Giovanni
Copyright 1999-2009. Steiner Associates LLC. All rights reserved. Privacy Policy.