EBay Probes into Personal Data Exposure in its Site

On September 25 2007, the Trust and Safety Discussion Board of eBay, a platform for sharing public comments, suddenly displayed the personal information and names of nearly 1,200 users of the site. The information also included their credit card numbers. EBay responded by quickly closing down its discussion board.

For hours that followed, the security team at eBay conducted an investigation to confirm whether the leaked information was due to a hack in the past into eBay's computer network. While some people suspect eBay of covering up its deficiencies, the online auction site is trying to explain why they do not believe that this incident was not related to any hack into its systems. EBay is also calling up the 1,200 users individually over phone and explaining them the situation.

While eBay doubts the validity of these credit cards, research also suggested that they probably weren't valid, said eBay, September 27, 2007.

There are no possibilities of server breaches at eBay, said Catherine England, an eBay spokeswoman. PC World published England's statement on September 27, 2007. England thought the incident could be part of identity theft or phishing scam given that there are above 241 Million users of eBay worldwide. EBay often falls prey to phishers' and fraudsters' targets, England added.

Nichola Sharpe, spokesperson of eBay, said on September 25, 2007 that posts appearing on the Trust and Safety Board that morning showed contact information of 1,200 members of eBay. Sharpe described the person putting up the information on the board as a fraudster with malicious intent. Ecommonwire.com reported this on September 25, 2007. Sharpe insisted that while no security breach was responsible for the incident, it could have been a result of the account takeover.

Sharpe further said that the displayed credit card information had no association with users' financial information filed with PayPal or eBay. He said via e-mail that eBay was proactively getting in touch with its members over phone to provide security tips to them. So that if, somehow, the information posted is valid, the members could adopt ways to safeguard their information, Sharpe said. PC World published this on September 27, 2007.

Related article: eBay Announces Its New “Safeguarding Member IDs” Project

» SPAMfighter News - 10/11/2007