eBay hacker posts fake credit card numbers to site's security forum

By

Investigators at eBay believe a fraudster was trying to generate panic when he posted what appeared to be the credit card numbers for 1,200 members to an eBay forum that deals with user safety and security.

eBay hacker posts fake credit card numbers to site's security forum
The fraudster on Tuesday posted the data – which included names, contact information and credit card numbers – to make it look as though they originated from the victims themselves.

Through an investigation, eBay today determined that none of the credit card numbers leaked on the Trust & Safety forum were genuine, although the names and contact information were, said Nichola Sharpe, an eBay spokeswoman.

"eBay has reason to believe that this data was falsified to cause public concern," she said today in an email to SCMagazineUS.com, declining to speculate on the fraudster's motives.

Sharpe said the data that was legitimate, including names and email addresses, was possibly "obtained as part of an account takeover."

eBay is notifying victims about the leak.

The forum was quickly taken offline Tuesday, but not before one person recorded video of the incident and posted it to YouTube.

Faizel Lakhani, vice president of products at Reconnex, told SCMagazineUS.com today that companies such as eBay can deploy software to crawl their servers and search for sensitive data posted to public places, such as hosted forums.

"I'm kind of surprised they don't have automated mechanisms to see this," he said.

Sharpe said eBay works diligently to prevent such attacks.

"As background, eBay has over 2,000 trust and safety experts worldwide working to ensure the site is secure, but every day eBay faces external threats working to compromise their systems," she said.

"After learning of this situation, eBay reacted quickly to it and proactively contacted the users who were potentially affected."

See original article on SC Magazine US
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Phishing attack nets enormous npm supply chain compromise

Phishing attack nets enormous npm supply chain compromise

VicRoads to phase out passwords in favour of passkeys

VicRoads to phase out passwords in favour of passkeys

Service NSW centralises security, networking in mammoth CloudOps overhaul

Service NSW centralises security, networking in mammoth CloudOps overhaul

Apple adds "mercenary spyware" protection to new A19 chip

Apple adds "mercenary spyware" protection to new A19 chip

Log In

  |  Forgot your password?