Yesterday morning, eBay’s Trust and Security forums got flooded with over 20-50 pages of posts containing account information for over 1,200 eBay users. In other words, eBay got hacked and the hacker used the forums as his way to expose all of the sensitive information he had. It wasn’t just user names that got posted either, it included credit card information, the users address, phone number, feedback, and more. eBay responded to this whole ordeal on the eBay Chatter forum saying that they were in the process of contacting all of the individuals involved by phone to inform them.
According to eBay’s response, the account information displayed was correct, but the credit card information provided for each of the users doesn’t match the credit card information that eBay has on file. That doesn’t mean though, that those credit card numbers don’t belong to the user. The hacker also made each of the postings in the forum appear as though it was the user whose information was getting exposed, that posted it. The image below to the left shows what the forum looked like as all of the information was posted, and the image to the right shows an example of the actual thread (click to enlarge):
Someone put together a YouTube video (without showing sensitive information) that documented the incident to expose the problem and make people aware that their information could have been compromised. Unfortunately, that video has since been removed from YouTube (some say eBay is trying to cover this up as best they can), but it has been posted to another site, and it’s embedded below:
Some of you are probably asking yourselves “Was my eBay account hacked?”If you’d like to make sure that your account information wasn’t compromised, check this list. It has many, although not all of the user IDs involved. eBay eventually shut down the Trust and Safety forum about 90 minutes after the whole ordeal started because they couldn’t delete the information faster than it was getting posted.
As you can imagine, scammers will likely use this situation by sending emails to eBay users warning them that they need to verify account information to keep their accounts secure due to what happened. Now is the perfect time to remind everybody to take extra caution so that your account doesn’t end up compromised! And hopefully eBay will be open with their community about what happened and how it happened, and what they plan to do to prevent another issue like this from happening after they’ve finished their investigation.