The fraudster on Tuesday posted the data – which included names, contact information and credit card numbers – to make it look as though they originated from the victims themselves.
Through an investigation, eBay today determined that none of the credit card numbers leaked on the Trust & Safety forum were genuine, although the names and contact information were, said Nichola Sharpe, an eBay spokeswoman.
"eBay has reason to believe that this data was falsified to cause public concern," she said today in an email to SCMagazineUS.com, declining to speculate on the fraudster's motives.
Sharpe said the data that was legitimate, including names and email addresses, was possibly "obtained as part of an account takeover."
eBay is notifying victims about the leak.
The forum was quickly taken offline Tuesday, but not before one person recorded video of the incident and posted it to YouTube.
Faizel Lakhani, vice president of products at Reconnex, told SCMagazineUS.com today that companies such as eBay can deploy software to crawl their servers and search for sensitive data posted to public places, such as hosted forums.
"I'm kind of surprised they don't have automated mechanisms to see this," he said.
Sharpe said eBay works diligently to prevent such attacks.
"As background, eBay has over 2,000 trust and safety experts worldwide working to ensure the site is secure, but every day eBay faces external threats working to compromise their systems," she said.
"After learning of this situation, eBay reacted quickly to it and proactively contacted the users who were potentially affected."
See original article on SC Magazine US
eBay hacker posts fake credit card numbers to site's security forum
By Dan Kaplan on Sep 27, 2007 9:44AM