[Dataloss] (update) eBay forum mysteriously leaks account details on 1, 200 users
lyger
lyger at attrition.org
Tue Sep 25 22:20:07 UTC 2007
http://www.theregister.co.uk/2007/09/25/ebay_account_details_published/
Hackers brazenly posted sensitive information including home addresses and
phone numbers for 1,200 eBay users to an official online forum dedicated
to fraud prevention on the auction site.
The information - which also included user names and email, and possibly
their credit card numbers and three-digit CVV2 numbers - was visible for
more than an hour to anyone visiting the forum. The miscreants appeared to
create a script that caused each user to log in and post information
associated with the person who owned the account. The script spit out
about 15 posts per minute, starting around 5:45 a.m. California time.
An eBay spokeswoman said the posts were not the result of a security
breach on eBay and that the credit card numbers contained in the posts
were not those eBay or PayPal had on file for those users. eBay
representatives have begun contacting all users whose information was
posted to head off any further fraud and to learn more about the attack.
[...]
More information about the Dataloss
mailing list