Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity

    Romanian Hacker Broadcasts eBay Customer Accounts

    By
    Lisa Vaas
    -
    March 10, 2007
    Share
    Facebook
    Twitter
    Linkedin

      eBay has confirmed that, early on the morning of March 8 EST, an alleged Romanian hacker calling himself “Born_To_Scam_American_Guys” posted records for 15 eBay users on an eBay forum for between 40-60 minutes before the company removed them.

      The posts were put up on the Trust & Safety board. According to other forum members who claimed to have taken part in the discussion and begged eBay to take down the information, the hacker signed in under a hijacked account and began taunting others, with the final result being the posting of the 15 accounts.

      According to Firemeg.com, a site dedicated to eBay watching, the post that kicked it all off appeared at 1:52 EST on the forum. The initial post, according to Firemeg.com, reads:

      “read many opinions here…. All I saw its just [misspelled obscenity]….Alot of things about scamms..stupid things I think. Romanian guys are the best boys !!!! We are in each country…each city…and every day alot of money from your pocket intro in pur bank accounts….You know why ?? I will tell you my opinion…because you are so stupid ….. anyone can scam you very easy….not only with fake escrow and shipping websites….

      “For us nothing is not imposibile….Paypal…bank accounts…credit cards…spam….wire transfers… alot of things boys !!! WHy ??? Because we are the best !!!! Lets ask you something : what make the american and canadian boys at 14-15 years old ????? Eat burgers at McDolnalds and watch naked girls on internet porno webpages…. Romanian guys at 14-15 years old scam people…learn how to build a profesional website….how to hack a internet server…and many more another “bad” things….

      /zimages/6/28571.gifClick here to read about a recent Trojan hidden in a phishing e-mail that uses legitimate eBay auction slide shows to lure victims.

      “Me , personally , receive every day between 1000 and 5000 eBay accounts from spam and hack…. Is so easy to stolen your eBay account and your Paypal…..is just a funny game for us……. Go to www.nopaypal.com and read the forum…. Romanian guys scam last year 10 milions sellers and buyers from USA and Canada with Paypal accounts….How ??? Paypal is very safe…. Good joke…. Is safe only in your dream boys…..!!!! HE HE HE !!!!!!!!

      “Lets me say you a unreal thing…. Is much easy to scam with Paypal….Westen Union is a little complicate now to scam….the police are very carefful with Western Union offices…. Last thing : Why big companies from internet market want only romanian guys to work for them ????? Because WE ARE THE BEST !!!!!!!!! Author : Born_To_Scam_American_Guys”

      According to Firemeg.com, shortly after the above posting was removed from eBay, Born_To_Scam_American_Guys posted another post, entitled: “Smart Americans.”

      “This time rather than brag or taunt, he simply provided proof that he does indeed have access to the information he referred to and the ability to use it,” said Firemeg.coms posting.

      The posting that ensued included Social Security numbers, credit card numbers, credit card verification numbers, bank account and routing numbers, ATM PIN numbers, mothers maiden names, birth dates, drivers license numbers, as well as home addresses and full contact information.

      Catherine England, a spokeswoman for eBay, said that only half the accounts were legitimate. The other half looked like fraudulent accounts based on verification information that didnt clear eBays verification process, she said. As for the half that were legitimate eBay accounts, eBay was in the process of contacting the victims as of Friday, March 9, 7:40 p.m. EST.

      Some of the victims eBay had managed to contact by that time said that all of the information posted about them was accurate, while others noted some inaccuracies, England said.

      Next Page: Information revealed not from eBay.

      Information Revealed not from


      eBay”>

      England also said that the information posted to the forum was not from eBays internal systems, given that it included information eBay does not collect: bank account numbers, PIN numbers, credit card verification numbers and so on.

      “Thats information we would never have,” England told eWEEK. “Nor would we have cause to have collected it. This person had posted to a discussion board, but we have no idea where he got [the data] from. … Most likely a phishing site or phishing scams.”

      Romanian hackers seem to either have it in for eBay or find eBay and its users easy targets—or both. For the past two months, a Romanian hacker using the handle “Vladuz” has been prancing through eBay, convincingly posing as an internal eBay moderator on eBay forums, posting lists of hijacked eBay accounts for sale, advertising copyrighted tools to hack eBay and partaking in his countrymans habit of taunting others. For a slideshow of his or her handiwork, click here.

      eBay claims that with all of the 15 accounts posted in this most recent incident, internal systems detected unauthorized access attempts. Thus, the accounts were locked down before the hackers posts were even made, England said.

      England declined to give examples of the suspicious behavior that triggered eBays internal fraud detection system, so as not to tip the companys hands to criminals who could modify their behavior to avoid detection.

      /zimages/6/28571.gifVladuz the phishing impaler sticks it to eBay. Click here to read more.

      “Its the typical antifraud behavior modeling,” she said. “If you give us information, we do verify [it]. If you give us credit card information that doesnt sync up with your name, were going to shut [the account] down.”

      eBay will continue to monitor the accounts to ensure that no more illicit access attempts are made, England said.

      eBay recommends use of the eBay toolbar, which has a warning that flashes red when users navigate to an illegitimate site.

      eBay Forum members were incensed at the idea that eBay had neglected to contact the eBay members about their information being breached. Indeed, if eBays internal systems had been breached and the customer information stolen through such means, eBay would be legally obligated to notify victims under Californias Security Breach Information Act.

      However, since the information revealed was not from eBay, as demonstrated by the inclusion of data eBay does not collect, eBay is not responsible for notifying victims.

      “Legally, eBays not responsible,” England said. “This is one of those situations where this isnt a breach of eBays systems or securities. Legally I dont believe we have an obligation to inform people. As a corporation eBay feels its the thing to do. We put the safety of our community first. If we feel one of our members information has been compromised, were going to contact them and let them know.”

      Regardless, people associated with Firemeg.com reached out to the victims before eBay did, to ensure that they knew of the breach. According to the site, at least one of the victims was distraught at the news.

      “One woman broke down and was near tears, if not fully crying, her voice trembling with each question she asked,” the site says. “She said that all information was correct and was current and that she was very scared. She couldnt even remember her eBay user ID or password. She said that she uses eBay during the holidays to buy gifts, and gets a new eBay ID each year because she ends up forgetting the password and/or username. She was terrified—Im sure due in part to the little she has heard about identity theft.”

      Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.

      Lisa Vaas
      Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×