Headline reports: eBay hacked!

I think you'll find that eBay *are* answering questions. I phoned them today (eBay UK) and they were happy to fill me on on some details for our blog at http://www.tamebay.com/2007/02/ebay-was-not-hacked-this-weekend.html

If you need a contact at eBay in the UK drop me an email and I'll be happy to put you in touch ;-)

Was reading about this a short while ago at:

http://www.pheebay.com/forums/viewtopic.php?t=1209

It's being reported that many sellers are questioning eBay but little, if any info is being released officialy and eBay are trying to silence or censor genuine concerns when they are raised.

It seems a lot of accounts may have been hijacked and had spurious email contact info added to encourage off eBay (and therefore unprotected) sales.

Has someone on the inside enabled this mass hijacking? Instead of censoring discussion I wish eBay would tell us what they do know and what they don't. Trying to silence discussion just makes me more suspicious.

I've noticed an increased amount of "spams" or "phishing" supposedly from eBay and PayPal and they are definitely more sophisticated in nature. If I wasn't a "seasoned seller," I could easily be convinced that I needed to log on to my account and give out all sorts of information. I've also received several invoices the past few weeks of items I've purchased (including cars and camera equipment)...they've been forwarded on to spoof at PayPal and eBay, but there definitely are some pros at work at scamming eBayers.

Hey Chris! You have a phone number to actually speak to eBay? Wow! Are you current or former staff?

Typical eBay to pull any relative information that they have blown it big time... That's alright, they can't pull the discussion from here, pheebay or other areas where the truth will be revealed...

Funny, if you admit fault and take it like an ethical company, I think more people would understand... Keep covering stuff up, eBay... It only continues to hurt your "venue"...

"spamming the search engines with reports about the possible sale of Britney Spears' hair on the site."

LOL! I've noticed that too! Boo Hiss. Shame on you Ebay. Maybe if they spent time concentrating on resourcing their security team in stopping the fraudsters instead of trying to bury bad news via their PR team (and censorship of their forums) they wouldn't have to deal with the bad news in the first instance.

I just took a look at that Tamebay blog, there were a lot more than just 4 email addresses being used, some of them can be found in various caches on search engines but I counted at least 12 email addresses being used when I saw the active listings.

Hey Chris, looked at Tamebay they're wrong about the number of email addresses that were used. You can find them cached on the internet too. Granted some didn't differ by much, only a couple of numbers, like bogus1, bogus25, bogus19 and so on but there were at least a dozen of them.

Of course, I forgot, it took eBay UK so long to react that many of the listings came to a natural end, perhaps eBay missed getting most of the email addresses.

Well, this somehow does not come as a surprise. It wasn't that long ago that PayPal had loose code that allowed hackers to gain some information they should not have had. eBay isn't super big on security - at least, not as big as they NEED to be!

We closed our store there last November, after their repeated failing to unblock our ID left us invisible. They finally found that we were right, and unblocked us, two months AFTER we had to close the store. We were also blocked from the boards, because we dared to speak our minds.

So, not really surprising that they'd simply delete the posts they didn't want others to read. Too bad they don't realize that many of us have long since learned to SAVE the board threads via other means, both text and screen prints, because of their itchy delete fingers!

As far as the Spears hair thing - they didn't need to start a rumor - it was already on the news in the wee hours of the morning that Britney had cut her hair herself, and it was now selling on eBay.

I guess one of the new mgmt perks this year will be private bodyguards if they keep torking off everyone!

Meanwhile, we've taken our business elsewhere, and like it just fine. While I miss the eBay sales, which were more regular than the other venues, at least I don't have to mess with their non-stop nonsense, spam, fees and restrictions.

eBay, you aready shot yourself in the foot last August. Why not admit that the road you're on isn't working out too well, and turn around? It isn't too late - yet. Keep going "forward" without fixing the old problems, and you are in for one heck of a time.... hope those golden parachutes are working!

I think the main thing to consider is that those victims stepped outside of the relatively saef environment eBay provides when they chose to violate the obvious rules on eBay and contact the "sellers" directly. In trying to weasel around the rules, they put themselves at risk. There's a reason those rules are in place and that those fees are paid.

"I told you so." There, now I feel better. I've been posting to this and other blogs for almost a year about eBay's failed security and fraud on the site. Most of the time my posts are met with the same "shutup, eBay is great, and there is no fraud," attitudes.

Anyway, the real story here is not that accounts were hijacked, but rather than eBay is trying to cover it up. There have been hundreds of posts to the eBay community forums pulled by management over the past week concerning this issue and the issue of the cached list of user ID's that was "mistakenly" put on the internet by an eBay third party developer.

Here is the story about the third party snafu: http://blog.auctionbytes.com/cgi-bin/blog/blog.pl?/comments/2007/2/1171726205.html#comments

And here is the list of user ID's that Google cached:
http://72.14.203.104/search?q=cache:seT2g4au45UJ:www.prosperpoint.com/jeff/decrypted_ebay_creds.txt+site:prosperpoint.com&hl=en&ct=clnk&cd=33&gl=us

There are issues at eBay, and it was only a matter of time until they surfaced in the media. eBay needs to suck it up and admit these mistakes rather than trying to burry them under the rug via censorship.

This blog was edited just after being posted. See a screen capture of the original over here:
http://www.ebaymotorssucks.com/trevtan69.htm

Another interesting thread where Vladuz hacked eBay.de and a copy of the intimidation email eBay sent to a German publishers web host!
http://www.ebaymotorssucks.com/rflello.htm

I guess the truth hurts!

I have received numerous invoices from ebay regarding my purchase of Dell computers which I did not purchase.

Too bad I didn't save the name and address info, which I am sure is phoney as well......would like you all to see it.

Watch very carefully......if it smells bad it usually is.

This doesn't surprise me in the least little bit. One, that eBay has lax security measures and two, that they're trying to cover it up. Any ethical company would notify the affected parties and advise them to at least change their password and double check their accounts. I get more and more appalled each time something like this happens. Oh, and Chris...you are so transparent.

More sensationalist BS from Gary Sattler and the anti-ebay mob. If you actually read the article you linked to, it is clear that ebay has not been hacked at all. The problem, as in most cases, lies in user stupidity and greed.

"It is thought the hackers pretended to be eBay support staff to fool sellers of high-value goods into giving them log-in and password details."

1. Stupid seller. Gives away login and password details to an anonymous third party, probably via some sort of phishing attack against the user. Despite ebay regularly telling users never to give their username and password to anyone ever.

"Victims may be unprotected because they made deals directly instead of through eBay."

2. Stupid, greedy buyers. Links inserted into the auctions encouraging them to buy off ebay and they take the bait thinking they will save a few bucks. Despite being told by ebay never to get involved in "off-ebay" transactions.

Please oh high and mighty lord and protector of the little guy, Mr Gary Sattler. Please explain how ebay can better protect stupid and greedy people from their own greed and stupidity. And please also explains how this story merits a sensationalist misleading headline like "ebay hacked".

Awaiting your considered response.

Hopefully they will catch the people who do these things.
http://www.thedessertcafe.com

Another day, another scam on eBay. I just listed my computer on sale last week and got tons of offers from eBay scammers of Nigeria. Now what kind of online auctions policy does eBay have in place to counter these scams?

http://www.myauctionfeedback.com/blindauctions/

There is a lot of scams originating from Nigeria, Africa. Not only is Ebay having a problem but Roommates.com is experiencing large amounts of scams. One scam is the Money Order Deal. They send you a Money Order more than what is needed and expect you to send the surplus money right away by Western Union. But the Money Order is Forgery a Fake.

Interested Investor, the title of my blog was a direct reference to the title of the news piece I pulled it from.

And the fact of the matter is, if you had been able to read my blog copy as it was sent to my editors, you would have gotten a much better picture of the gravity of the situation. This story wasn't about some scam sales or phishing attacks.

Internal eBay data handling has been compromised.

Get used to it. Thanks!

This smells very phishy!

So, let me get this right, last week an Ebay 'insider' spills 100s of Ebay and IDs onto the internet. And Subsequently, a week or so later, 100s of IDs suddenly become hijacked.

All of the sudden, the Ebay spin-doctors (as well as members from FOEB - The Federation of Ebay Businesses #2 #13) are mobilised to tow the 'official' Ebay line of 'stupid customer giving their details away'.

Letting slip the customer details on the net in the first place is bad enough, but the subsequent attempted cover-up is criminal.