Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: phranque
Hackers have posted personal information on 1,200 Ebay customers to an Ebay forum, dedicated, ironically, to fraud prevention. The information was up for around an hour this morning before Ebay shut the forum down and displayed email details, CVV2 numbers, telephone numbers, home addresses and possibly credit card details to visitors.
Ebay says the information was not acquired through a breach of its security and suggests it was likely obtained through phishing or account takeovers. The company also says that the credit card details displayed do not match those on either its own or PayPals servers.
Ebay Anti-fraud Forum Hit By Fraudsters [pcpro.co.uk]
Hat tip to bwnbwn [webmasterworld.com...] (-subscription required)
Ebay's forums are full of people who would love to use a different service... but who do they use?
Ebay has a monopoly. It might not have a technical lock-in like Windows, but in practice there's no real way for rivals to compete with Ebay, even though there are plenty of potential customers for a rival service.
And of course as soon as you become a profitable monopoly, there's almost no pressure to maintain quality control on your product. You can do what you like, and your customers have nowhere else to go.
I received a letter from ebay a few days ago addressed to a fictitious individual in my company. Seemingly, someone has created an ebay account in my company's name. I was forced to phone a premium rate number to get a valid email address to report this problem. I received a bog-standard reply along the lines of "we have taken appropriate action...".
The reply did not refer to any of the specific points I raised and a subsequent email has been completely ignored. Given that ebay presumably has bank details of this fraudster and logged IP address data, etc. if they fail to treat this matter properly, I'll take it to the police - and if they don't sort it out, I'll take it to the press. Naturally, I plan to get the cost of the premium rate call refunded too.
The guy I spoke to mentioned that I was not the first person he'd spoken to with this problem.
Ebay says the information was not acquired through a breach of its security and suggests it was likely obtained through phishing or
Meaning that the information COULD have been taken from eBay, they just don't know it (meaning the hole is still there).