Russian Web site offered eBay account info for $5

Scope of problem 'would make the hair on your neck stand on end'

By James Niccolai

March 24, 2006 12:00 PM ET

Recommended

IDG News Service - EBay Inc. helped to shut down a Russian Web site this week that was offering to sell stolen customer account information for as little as $5 each.

Armed with an eBay customer's log-in and password, a fraudster could post items for sale, collect payments and then never deliver the goods. The site was also offering to sell a handful of PayPal accounts.

Security vendor Sunbelt Software detected the site Tuesday and reported it to eBay, which worked with the local ISP (Internet service provider) to have it taken off-line, an eBay spokeswoman confirmed. She couldn't say how many user accounts were offered for sale or whether any customers' accounts had been misused.

The site probably collected the information through phishing attacks or a Trojan horse virus that plants keylogging software on users' PCs, said Alex Eckelberry, president of Sunbelt, in Clearwater, Fla.

Attempts to harvest and sell such information are fairly widespread, he said. "It would make the hair on your neck stand on end if you knew," he said.

The site, at ebayseller.cc, was inaccessible Friday morning, but Eckelberry posted screen captures in his blog that appeared to show account information for sale from customers in the U.K., Germany and Australia.

The site preferred accounts that were used infrequently, meaning a user would take longer to notice any suspicious activity, and asked a higher price for accounts with good feedback ratings. Prices ranged from $5 to $25 per account.

"We're in contact with law enforcement to track down the perpetrators and we're going to vigorously pursue this investigation to ensure they are prosecuted," the eBay spokeswoman said.

A check on the Whois database showed the Web site was registered on Dec. 2, 2005, allegedly to a company in Cypress, Calif. There was no reply Friday at the phone number provided, although the site's creator would be unlikely to use real contact information.

EBay reiterated its guidelines for customers to avoid having their data stolen: Be extremely wary of e-mail that ask you to update personal account information, download eBay's toolbar with software that detects fraudulent eBay and PayPal sites and report suspicious e-mail.

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Cybercrime/Hacking

Additional Resources

Xerox

Win a color printer!

By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!

Microsoft

Upgrade to Internet Explorer 8 today.

Save time and mitigate security risk. Deploy it now.

Sybase

NEXT-GENERATION MOBILITY PLATFORMS

In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.