informa
/
Attacks/Breaches
Quick Hits

Stolen eBay Account Booty Found

Over 5,000 pilfered accounts - mostly from newly registered, less active eBay user accounts

A cache of 5,534 stolen eBay log-ins was discovered yesterday -- likely the result of successful phishing scams, researchers say.

Researchers from FaceTime Security Labs contacted eBay, which was able to pull some of the data offline with the help of Google, which removed cached data in its search engine that included the stolen credentials.

Christopher Boyd, malware research director for FaceTime, blogged that most of the stolen accounts appeared to be those of newly registered users or ones with low feedback scores who don’t use eBay regularly. “These are prime targets for Phishers, because they're more likely to be fooled by fake logins,” Boyd said in his blog today.

And because many of these types of users tend to use the same log-ins for both eBay and PayPal, according to Boyd, their PayPal accounts also could be compromised. The stolen accounts were listed by eBay user name, password, and email account.

“Quite a lot of the accounts don't exist or are no longer registered users, but there's enough live accounts in there for this to be something of a worry (there also don't appear to be any duplicates, which is unusual for a collection this big),” Boyd blogged.

“I should mention, it's not just new EBayers that can be caught out by these kinds of scams - there were quite a few high scoring EBayers in the stolen logins too,” Boyd said.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • eBay Inc. (Nasdaq: EBAY)
  • Google (Nasdaq: GOOG)
  • FaceTime Communications Inc.
  • Recommended Reading:
    Editors' Choice
    Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
    Joshua Goldfarb, Director of Product Management at F5