eBay Hacked and Information Shared on Forums

eBay has encountered quite a controversy. According to some reports, the site was hacked and personal information from over one thousand of its members was posted to the site. This information included phone numbers, home addresses, email addresses, user names and even credit card numbers.

Reports of the incident claim that this information was posted on several different threads within the eBay forums and remained there for several hours, despite the fact that the breach was reported within 15 minutes after the information was posted.

Apparently, eBay customer support responded to these reports by stating that “eBay is currently working with liveworld to remove the posts and get this fixed. Thanks for your patience and understanding.”

The message did very little to calm down users, understandably so. Apparently, the boards were flooded with messages from people demanding that the boards be shut down immediately. But, it eBay wanted to try to remove the posts instead. Finally, the company gave up on being able to remove the posts and ultimately shut the boards down for a period of time this morning – one hour after the threads containing sensitive user information had been posted. A little over five hours later, the boards were up and running again with the posts successfully removed.

eBay is now claiming that the situation was all an elaborate hoax and released this statement “Very early this morning, a malicious fraudster posted on the Trust & Safety forum on eBay.com posing as approximately 1,200 eBay users. The fraudster made these posts in a way that was intended to appear as though he logged in with their accounts. The posts contained name and contact information, which appears to be valid, and could have been secured as part of an account take over. The posts ALSO appeared to contain credit card information — however, these credit cards are not associated with financial information on file for these users at eBay or PayPal

eBay went on to claim that all of the information other than the credit card numbers was valid. It seems rather strange that a hacker would be able to get all of the other information right, but would fail to get the credit card numbers correct. Understandably, many eBay customers are suspicious of this claim.

On a good note, however, eBay customer service representatives are actually calling all of the members whose information was posted on the site. The purpose of these phone calls is to make sure the customers are aware that their information was posted and, just in case the account numbers were somehow valid, to advise the customers on how to protect against fraud or identity theft.

The reality is that eBay should protect its customers by claiming that the information is fake in hopes that no dishonest eBay user will take advantage of the information. So, whether the information was genuine or not, I applaud eBay for taking these steps to guarantee the safety of their customers.

You can protect yourself by dedicating one specific credit card for use on the web, and making sure it has a low credit limit. Never use the debit card that’s connected to your bank account online if you can possibly help it, and prevent someone from cleaning out your account before you know what’s happened.