1,200 eBay Members Were Victims of Phishing Scam, Not Data Breach, eBay Contends
The confidential information of 1,200 eBay members wound up on a public discussion board:
The perpetrator of the data disclosure on about 1,200 eBay members didn’t hack into eBay systems, spokeswoman Nichola Sharpe said in an e-mail interview, reiterating an assurance eBay made when the incident happened on Tuesday.
eBay is working with law enforcement to take action against the fraudster, she said, while declining to answer whether the person has been identified or caught. Because the situation is delicate, eBay can’t fully disclose the information it has gathered, she said.
Sharpe also defended eBay’s reaction to the incident, in which a malicious user posted members’ information like names, addresses, user IDs and, apparently, credit card numbers on the company’s Trust & Safety discussion forum.
In a discussion forum thread, some eBay members have criticized the vendor for, in their view, taking too long in shutting down the forum used by the fraudster.
eBay took the Trust & Safety forum offline about an hour after the fraudster began posting the confidential data.
Phishing is a constant threat for any online user and eBay and PayPal members are often recipients of phishing attempts. Here is a screen shot of a typical eBay phishing email:
As always, Privacy Maven recommends the helpful resources of the Anti-Phishing Working Group to stay apprised of current phishing scams.