Ebay Hacked, User Info Posted 242
An anonymous reader writes "This morning a hacker posted the personal contact information and credit card data of 1,200 ebay users on the eBay.com Trust & Saftey forums. eBay pulled the Trust & Safety forums off line, but not before one user made a video of the hacked forums and posted it on youtube.com. eBay response is on the eBay chatter page, and seems to try and down play this "fraudster"'s activity."
Fraudster? (Score:5, Insightful)
When will EBay notify? (Score:5, Insightful)
Re:Fraudster? (Score:3, Insightful)
Re:When will EBay notify? (Score:5, Insightful)
Even as it stands, unless E-bay can show beyond a shadow of a doubt that only those posted were the ones stolen, anyone credit card number that e-bay has should be held as suspect for potentially having been stolen. Ebay has really dropped the ball. It will be interesting to see how they scramble to deal with this.
No big deal. (Score:5, Insightful)
1200 posted but where ALL accounts compromised? (Score:1, Insightful)
Re:Fraudster? (Score:5, Insightful)
This kind of behaviour is reprehensible. If you wanted to let EBay know they have a security problem, tell them, anonomously if you must, but posting other peoples indentifying information is like shooting an automatic weapon into a crowd of innocent people. I think along with fines, restrictions and imprisonment, spanking should be added to the list of punishments for this type of behavior.
Re:Fraudster? (Score:5, Insightful)
Re:hacked? (Score:3, Insightful)
They have an open redirector that anyone can use to help hide the destination url.
Normaly I would blast someone for posting fishing links on other webpages, but I would trust slashdot users to not fall for it
Re:Virtual credit card (Score:2, Insightful)
Re:Fuck you. My account has been fucked over. (Score:3, Insightful)
And to you I would say - stop being so lazy and using the same passwords for all your important financial accounts. If your account really did get drained, it is at the very least partially your fault for not using unique, strong passwords. How is ebay responsible for your lack of security planning??
I wonder ... (Score:5, Insightful)
Given that Ebay's response is along the lines of "It's a hoax, our security is fine, don't worry" I really wonder if keeping things like this under wraps is enough to keep companies like Ebay honest. I'm not optimistic since any admissions on their part cost them money, dent their public image, may cost them customers, and could make them easier to sue in case accounts are abused (either before or after the data becomes public).
Of course it's irresponsible to publish this sort of information (credit-card numbers, contact details) on the web. And yes ... perhaps there should be an independent authority (e.g. the police, the FBI) where you can go with your information and be certain that action will be taken instead of making it accessible to the world and his dog.
In the absence of a clear-cut authority to report to I'm still not quite convinced that the "shock-and-awe" effect of bluntly putting the data on the web isn't needed to prod Ebay into action to take measures.
Re:Fuck you. My account has been fucked over. (Score:3, Insightful)
EBay's behavior is consistently reprehensible. (Score:2, Insightful)
This kind of behaviour is reprehensible. If you wanted to let EBay know they have a security problem, tell them, anonomously if you must, but posting other peoples indentifying information is like shooting an automatic weapon into a crowd of innocent people. I think along with fines, restrictions and imprisonment, spanking should be added to the list of punishments for this type of behavior.
It is EBay's behavior that is reprehensible. We have no evidence whether or not the person tried to tell EBay, but, based on my experience, EBay would do nothing whatsoever about it, other than perhaps try to harass the person who tried to report it. So how else should someone let people know how reprehensible EBay's so-called security is, not to mention their many other policies allowing customers to be abused by merchants?
Fortunately for EBay, there are a great many fools left who continue to use their service
Re:Just beautiful. (Score:3, Insightful)
Maybe they could get it from my credit card company, but if they did my credit card company would be losing my business.
CC numbers are probably valid (Score:2, Insightful)
The Register contacted at least two of the people whose info was posted and they confirmed their accounts had been hacked.
See the story here [theregister.co.uk].
As for the credit card numbers not belonging to the people affected my first thought was the hacker posted the correct contact info but, perhaps to be benevolent, scrambled the credit card numbers. In other words, the card numbers displayed are correct but they're just shown as belonging to someone else. eBay may be realizing this now when they search their databases for the people those numbers really belong to.