I can't help but to wonder just how ebay's PR juggernaut is going to gloss this over -
- - - but they will with little or no ramifications.
No matter how you slice it, whether they were hacked or there was a "server issue", ebay had a serious security breach that needs to be addressed directly to its customers.
Quote:No matter how you slice it, whether they were hacked or there was a "server issue", ebay had a serious security breach that needs to be addressed directly to its customers.
They were hacked, bet money on it. But you're right, Fg. And, the hacker very likely has access to the entire user database. He/she was interupted in the middle of posting/sending info.
Btw, I should have mentioned earlier that Paypal and bank info were also included.
As posted by Avery on The Chatter(bolding is mine):
Quote:Posted by: avery@ebay.com View Listings
Created in: Forum: Trust & Safety (Safe Harbor)
Posted: Sep 25, 2007 12:20 PM
The Chatter team has blogged about the recent TnS forum's issue - read more details below. Here is a link to the article: http://www.ebaychatter.com/the_chatter/2...ty-fo.html
Some of our readers may have learned of an issue that occurred early this morning on one of our discussion forums. I've been talking with our Account Security and Legal teams, and I'd like to share some more details about this incident.
Very early this morning, a malicious fraudster posted on the Trust & Safety forum on eBay.com posing as approximately 1,200 eBay users. The fraudster made these posts in a way that was intended to appear as though he logged in with their accounts. The posts contained name and contact information, which appears to be valid, and could have been secured as part of an account take over.
The posts ALSO appeared to contain credit card information -- however, these credit cards are not associated with financial information on file for these users at eBay or PayPal. We're in the process of reaching out by phone to these members to, so that if the information is valid somehow -- regardless how this fraudster acquired the information -- these members can take the steps they need to take to protect themselves.
eBay and our forums vendor, LiveWorld, began taking steps to remedy the situation within an hour after it started. As things evolved behind the scenes, a decision was made to make the the Trust & Safety forum unavailable to our Community. It's still temporarily inaccessible, as the teams work on this issue.
I'll update this story later as we have more to share.
Sincerely,
Avery
What a cheap shot for them to claim that the credit card info was not from ebay or Paypal. Hell, where else would it be from?? :
According to a number of users whose accounts were listed, the credit card info was valid, including the ccv.
I can see a big lawsuit coming..........
eBay is trying to control the spin by blocking the use of certain word strings on the boards. If you try posting the words "credit cards" on one of the boards right now, you'll receive an error message. :
I wonder if they realize that their typical bad handling of this situation is making them look so much worse...........
My merchant account would be canceled immediately if a "server error" exposed the credit card numbers of 1200 of my customers but eBay's merchant account provider will help them cover up their mess. :
:popcorneaters:
TheRegister.co.uk is the only news site covering the story--all the rest are too busy kissing eBay's ass because they're afraid of losing its Fall ad campaign dollars.
full article:
http://www.channelregister.co.uk/2007/09...published/
Quote:Hackers brazenly posted sensitive information including home addresses and phone numbers for 1,200 eBay users to an official online forum dedicated to fraud prevention on the auction site.
The information - which also included user names and email, and possibly their credit card numbers and three-digit CVV2 numbers - was visible for more than an hour to anyone visiting the forum. The miscreants appeared to create a script that caused each user to log in and post information associated with the person who owned the account. The script spit out about 15 posts per minute, starting around 5:45 a.m. California time.
Apparently, ebay has no control whatsoever. :
Today, a number of auctions were set up in such a way that people who clicked on them would report them. When they hit "report", they were redirected to a hacker site, where they logged in. Some of the auctions have been pulled...........
Sorry I don't have more details, but suffice to say, do not report any auctions on ebay for the time being.
[quote author=maggie777 link=topic=16509.msg65151#msg65151 date=1190754388]
My merchant account would be canceled immediately if a "server error" exposed the credit card numbers of 1200 of my customers but eBay's merchant account provider will help them cover up their mess. :
:popcorneaters:
[/quote]
The rules change when your revenues hit $1 billion.
