Tuesday, September 25, 2007

eBay Forum Mysteriously Leaks Account Details on 1,200 Users

Dan Goodin writes on The Register:

Hackers brazenly posted sensitive information including home addresses and phone numbers for 1,200 eBay users to an official online forum dedicated to fraud prevention on the auction site.

The information - which also included user names and email, and possibly their credit card numbers and three-digit CVV2 numbers - was visible for more than an hour to anyone visiting the forum. The miscreants appeared to create a script that caused each user to log in and post information associated with the person who owned the account. The script spit out about 15 posts per minute, starting around 5:45 a.m. California time.

An eBay spokeswoman said the posts were not the result of a security breach on eBay and that the credit card numbers contained in the posts were not those eBay or PayPal had on file for those users. eBay representatives have begun contacting all users whose information was posted to head off any further fraud and to learn more about the attack.

More here.

0 Comments:

Post a Comment

<< Home