Ebay anti-fraud forum becomes stage for hackers
Hackers have posted personal information on 1,200 Ebay customers to an Ebay forum, dedicated, ironically, to fraud prevention.
The information was up for around an hour this morning before Ebay shut the forum down and displayed email details, CVV2 numbers, telephone numbers, home addresses and possibly credit card details to visitors.
Ebay says the information was not acquired through a breach of its security and suggests it was likely obtained through phishing or account takeovers. The company also says that the credit card details displayed do not match those on either its own or PayPals servers.
The auction site is currently trying to contact the users whose details were posted and the Trust and Safety board on which the information was shown has since been reopened.
“Very early this morning, a malicious fraudster posted on the Trust & Safety forum on eBay.com posing as approximately 1,200 eBay users,” the company reports in its blog.
“The fraudster made these posts in a way that was intended to appear as though he logged in with their accounts. The posts contained name and contact information, which appears to be valid.”
“We’re in the process of reaching out by phone to these members so that if the information is valid somehow, regardless how this fraudster acquired the information, these members can take the steps they need to take to protect themselves.”