Posted on 09/26/2007 7:25:05 AM PDT by publana
Yesterday I got an email saying I needed to update my Paypal credit card information
I doubt this is related. I manage mail servers for my company and we get these sorts of things all the time. SPOOFING or PHISHING emails are very common and hard to fight. You are doing the right thing however when you use the "real" url.
I doubt from what I can see here that eBay was hacked.
Rather it looks to me like some accounts were phished, and then someone started posting the details of those phished accounts on an eBay forum.
So it may well be that TomGuy's description of a phishing attempt is very related -- that's how this information was collected in the first place.
The subsequent posting of that information today is in some ways actually a good thing. The bad guys already had these eBay accounts. Now the rest of us have them, and the account owners and eBay are warned.
But in any case I see no evidence whatsoever that eBay's computers were hacked. I only see evidence that some particular accounts were hacked, which is usually done using phishing attacks.
By "phishing attack", I mean someone gets you to click on a link, either in an email or a web page forum, that you think leads to site you trust, such as eBay, but which actually leads to a fake site that looks the same. You login to that site, thinking you are logging to the site you trust, and the owner of that fake site has just seen your login and password information. They can now login as if they were you to that trusted site.
hun?
Ebay is pulling and ‘cleansing’ info about it.
Created in: Forum: Trust & Safety (Safe Harbor)
Posted: Sep 25, 2007 12:20 PM
The Chatter team has blogged about the recent TnS forum’s issue - read more details below. Here is a link to the article: http://www.ebaychatter.com/the_chatter/2007/09/trust-safety-fo.html
Some of our readers may have learned of an issue that occurred early this morning on one of our discussion forums. I’ve been talking with our Account Security and Legal teams, and I’d like to share some more details about this incident.
Very early this morning, a malicious fraudster posted on the Trust & Safety forum on eBay.com posing as approximately 1,200 eBay users. The fraudster made these posts in a way that was intended to appear as though he logged in with their accounts. The posts contained name and contact information, which appears to be valid, and could have been secured as part of an account take over.
The posts ALSO appeared to contain credit card information — however, these credit cards are not associated with financial information on file for these users at eBay or PayPal. We’re in the process of reaching out by phone to these members to, so that if the information is valid somehow — regardless how this fraudster acquired the information — these members can take the steps they need to take to protect themselves.
eBay and our forums vendor, LiveWorld, began taking steps to remedy the situation within an hour after it started. As things evolved behind the scenes, a decision was made to make the the Trust & Safety forum unavailable to our Community. It’s still temporarily inaccessible, as the teams work on this issue.
I’ll update this story later as we have more to share.
Sincerely,
Avery
“Yesterday I got an email saying I needed to update my Paypal credit card information. It gave a link to click on.”
That is phishing scam artists - don’t fall for it. If you click the link it will take you to a convincing looking web site - but it is no Pay Pal. You could get these from Ebay, Paypal, your bank or credit union, etc.
I knew it was only a matter of time.
How on earth did flea-bay put that information in such a position that it could possibly be hacked?
I’m keeping my fingers crossed and the e-bay memo is right and this was just a “malicious fraudster” on their forum.
Stock manipulation!
Ping to read later
Maybe it was somebody PO'd with eBay's awesomely slow responses to legitimate user reports of various violations, who decided to make eBay management pay. Neat trick, arranging to have the whole world find out that it takes them an hour and a half to address an absolutely top priority problem that's sitting on their own systems. Of course, they probably didn't even receive the first complaint for at least half an hour, since anyone trying to report any problem of any kind has to wade through all kinds of windows and answer stupid questions before finally being presented with a "Submit" button.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.