Ads by TechWords

See your link here
Receive the latest technology news and information.
Networking
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Phishing likely to blame for eBay members' data theft

Auction site's systems were not hacked

September 28, 2007 12:00 PM ET

IDG News Service - EBay Inc.'s security experts have determined that it's highly likely that whoever posted confidential information about the auction Web site's members in a company discussion forum this week stole the data via an e-mail phishing scam, an eBay spokeswoman said.

The perpetrator of the data disclosure on about 1,200 eBay members didn't hack into eBay systems, spokeswoman Nichola Sharpe said in an e-mail yesterday, reiterating an assurance eBay made when the incident happened on Tuesday.

EBay is working with law enforcement to take action against the fraudster, she said, while declining to answer whether the person has been identified or caught. Because the situation is delicate, eBay can't fully disclose the information it has gathered, she said.

Sharpe also defended eBay's reaction to the incident, in which a malicious user posted members' personal information, including names, addresses, user IDs and, apparently, credit card numbers on the company's Trust & Safety discussion forum.

In a discussion forum thread, some eBay members have criticized the vendor for, in their view, taking too long to shut down the forum used by the fraudster.

EBay took the Trust & Safety forum offline about an hour after the fraudster began posting the confidential data.

Regarding the credit card numbers, eBay now knows they didn't belong to the affected members and is fairly certain that the numbers weren't valid at all. "We have reason to believe this data was falsified to cause public concern," Sharpe said.

EBay hasn't been able to determine when the phishing scam may have taken place, Sharpe said, while declining to comment on whether the data theft may involve more than the 1,200 members whose information was listed.

Sharpe declined to answer whether eBay plans to implement changes to its discussion forums so that potentially malicious postings or suspicious activities can be automatically flagged and alerts triggered.

She also declined to comment on whether eBay has any theories on why the fraudster would choose to disclose the stolen data in such a public and brazen manner.

As part of its investigation, eBay has contacted the affected users by telephone.

In an official blog posting Wednesday night, an eBay staffer urged users to be mindful about phishing scams and how to avoid falling victim to them.

Sharpe said eBay shuts down more than two-thirds of phishing spoof sites in under 24 hours.

"There is no silver bullet to stop spoofing and phishing -- these are Internet problems, which is why eBay collaborates with numerous third parties such as universities, industry leaders and law enforcement to ensure eBay is a safe, transparent place to shop," she said.

EBay members should always check their "My Messages" queue to verify any e-mail from eBay concerning their account. "If an e-mail affects your eBay account, it's in My Messages. If you get an e-mail that looks like it's from eBay about a problem with your account or requests personal information and it's not in My Messages, it's a fake e-mail," she said.

Suspicious e-mails should be reported to these mailboxes: spoof@ebay.com or spoof@paypal.com.

"Never click on a link or reply to e-mails that ask for personal information. EBay and PayPal will never ask you for your account or credit card details, username or password in any communications," she said.

It's also advisable for members to change their passwords frequently.

More information about safety measures on eBay can be found on eBay's Web site.


Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Jump to comments

ebay

Additional Resources

EFD vs. HDD - What You Need to Know
WHITE PAPER
Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.
Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009
WHITE PAPER
The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.
Eight Criteria for Server Load Balancing
WHITE PAPER
Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.

What People Are Saying

White Papers & Webcasts

Death to PST Files
Download Now  

Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!

A Green Architectural Strategy That Puts IT in the Black
Levergage green computing across your data center. Read more now.  

Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.

Quantifying the Business Value of VMware View
Learn why you should invest in a centralized virtual desktop.  

Asia-Pacific Enterprise Network Solutions
Learn through this Webcast how your business can achieve reliability, performance and value in hard-to-reach locations within the Asia-Pacific region.

Mainsoft Webcast w/ Forrester Research: Drive SharePoint Adoption in Lotus Notes Shops
How can you drive mainstream user adoption of Microsoft SharePoint when your users rely on Lotus Notes?


IT Jobs