Posted on 09/26/2007 7:25:05 AM PDT by publana
http://forums.ebay.com/db2/thread.jspa?threadID=1000565444&start=0
Ebay was hacked today. Users complete credit card information was being posted today on eBay's Trust and Safety board including name, cc number, CCV, paypal info, etc. It took eBay over 90 minutes to finally pull down the Trust & Safety server to remove the publicly posted information. If you have an eBay or PayPal account, you might want to monitor the above link.
I hope my info wasn’t posted.
OMG!..............
ebay hack ping - not good!
Thanks for posting...I have no way of verifying if any of my information has gone out there, eBay darn well better let me know if it has.
If anyone suspects their information is compromised, they should put a fraud alert on their bank and credit card accounts, or at least monitor them for the next few days.
bttt
BTW...I had a guy with a middle eastern accent calling from Britain try to buy a car from me a few months back, outside the usual protection of the ebay service. Be careful people.
If cc info was in paypal, how would hacking ebay get that info?
Or do some people put cc info into ebay itself?
ebay owns paypal
bttt
Seller fees can be paid with a credit card.
Curious. I wonder whether there is any connection to this:
Yesterday I got an email saying I needed to update my Paypal credit card information. It gave a link to click on.
While I do have a Paypal account, it is inactive and I seldom use it. I don’t even have a credit card listed on it.
I never click on those email links, as I am always suspicious of them. I go to the webpage by typing in the address in the browser or using a ‘real’ url link in my bookmarks/favorites.
funny. i just went to ebay without using your link, and could not find anything about this. i never use supplied links to any web site involving passwords/financials - I enter the url myself.
I went and checked it out, but I cant see a list of users who were compromised. I understand that they wouldn’t want to leave the actual CCs listed, but they should leave up a list of the affected users.
Don’t you put cc info into ebay when you are a seller? It’s been a while since I sold anything.
I have an eBay account but no Paypal account. Should I be worried?
Post #9 may be a start.
From whence cometh your info?
There are almost as many scam emails for eBay and/or PayPal as there are Nigerians.
Did this "Alert" come via an email?
Should I contact PayPal, as they have the CC info.
Almost 100% of the time is a phishing E-Mail.
bump
TomGuy,
You should forward the email to:
The are working hard to try to track down and stop all the phishing and spoofing.
Ping to self for monitoring. My name is not on the list, per post #9, but I wonder if Ebay will make any kind of formal announcement about the breach. Seems like they are obligated to do so to help their customers combat the fraud.
Google news search on ebay + hacked shows several news articles about it.
http://news.google.com/news?hl=en&ned=us&q=ebay+hacked&btnG=Search+News
ping
If you didn’t do any buying on ebay yesterday, then you’re not in danger anyway.
It probably wasn’t a hack, but a data transfer error. That’s why it took so long to terminate.
ugh. my name is not on the list but im going to assume it’s been taken. time to call my credit card company.
It was 1200 names running from a script every 15 minutes on their safety forum.
http://www.channelregister.co.uk/2007/09/25/ebay_account_details_published/
“If cc info was in paypal, how would hacking ebay get that info?
Or do some people put cc info into ebay itself?”
Ebay now owns PayPal.
But neither one will ever send you an e-mail asking for updated information because any information you entered when you registered is kept indefinately, unless you go directly to their website and update it yourself.
ANYTIME you get any e-mail claiming it is from either Ebay or PayPal, go directly to their websites and check whether you have any new ‘messages’ there. If you don’t, then the E-mail is nothing more than ‘Phish’ mail trying to get your credit card and account information.
Copy the entire email and send it to Ebay, or ignore it and block the senders address.
I often get those emails and I don't even have a PayPal or eBay account. *delete*delete*delete*
It happened. The main suspect is Vladuz, a well known cracker of Eastern European origin (Russian, Romanian).
Ebay is making phone calls to the affected ID’s, but at this time there is no evidence that the credit information was accurate or valid. The cracker looks to have been trying to create negative publicity and anxiety in the user base. Great way to start the “sell” season.
Ebay claims it was not hacked, but that the information came from phished accounts.
It was announced in the obscure eBay Chatter (eBay usually releases bad news this way) and also discussed in the AuctionBytes blog and several private forums for professional ebay sellers.
Ebay shut down the Trust and Safety forum and scrubbed references to it from many of the other ebay forums they host, as per their usual sweep it under the rug and hope it goes away SOP.
I can’t believe you pulled this from breaking news. That is the only way that I learned of this extremely important information. Please put it back in breaking. I does matter a lot to some people. Ebay certainly isn’t forthcoming with the info.
for later
My account isn’t there.
Keep this up in breaking, please.
From reading the entire ebay thread, I’ve seen multiple stories come out from eBay. Knowing eBay, I don’t have much faith in any of their stories. I hope it’s a hoax, but I cancelled my credit cards, notified my bank, and changed all passwords just in case.
No, it didn’t come via email. It came from an eBay discussion board (did the link not work?) where users sat and watched the information being posted.
I just changed paypal password,here’s a bump.
Bump
Ah, yes, paying by check....
One thing I’ve seen with some of these links, they use scripts to try to overlay official ebay links, especially the ebay login page link, onto your address bar. When your screen comes up, it will almost look as if it’s the official ebay site, address and all.
Just to add to your info.
OK We are not on that list.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.