Stolen eBay Account Booty Found

Over 5,000 pilfered accounts - mostly from newly registered, less active eBay user accounts

Dark Reading Staff, Dark Reading

October 13, 2008

1 Min Read

A cache of 5,534 stolen eBay log-ins was discovered yesterday -- likely the result of successful phishing scams, researchers say.

Researchers from FaceTime Security Labs contacted eBay, which was able to pull some of the data offline with the help of Google, which removed cached data in its search engine that included the stolen credentials.

Christopher Boyd, malware research director for FaceTime, blogged that most of the stolen accounts appeared to be those of newly registered users or ones with low feedback scores who don’t use eBay regularly. “These are prime targets for Phishers, because they're more likely to be fooled by fake logins,” Boyd said in his blog today.

And because many of these types of users tend to use the same log-ins for both eBay and PayPal, according to Boyd, their PayPal accounts also could be compromised. The stolen accounts were listed by eBay user name, password, and email account.

“Quite a lot of the accounts don't exist or are no longer registered users, but there's enough live accounts in there for this to be something of a worry (there also don't appear to be any duplicates, which is unusual for a collection this big),” Boyd blogged.

“I should mention, it's not just new EBayers that can be caught out by these kinds of scams - there were quite a few high scoring EBayers in the stolen logins too,” Boyd said.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights