eBay has confirmed that, early on the morning of March 8 EST, an alleged Romanian hacker calling himself “Born_To_Scam_American_Guys” posted records for 15 eBay users on an eBay forum for between 40-60 minutes before the company removed them.
The posts were put up on the Trust & Safety board. According to other forum members who claimed to have taken part in the discussion and begged eBay to take down the information, the hacker signed in under a hijacked account and began taunting others, with the final result being the posting of the 15 accounts.
According to Firemeg.com, a site dedicated to eBay watching, the post that kicked it all off appeared at 1:52 EST on the forum. The initial post, according to Firemeg.com, reads:
“read many opinions here…. All I saw its just [misspelled obscenity]….Alot of things about scamms..stupid things I think. Romanian guys are the best boys !!!! We are in each country…each city…and every day alot of money from your pocket intro in pur bank accounts….You know why ?? I will tell you my opinion…because you are so stupid ….. anyone can scam you very easy….not only with fake escrow and shipping websites….
“For us nothing is not imposibile….Paypal…bank accounts…credit cards…spam….wire transfers… alot of things boys !!! WHy ??? Because we are the best !!!! Lets ask you something : what make the american and canadian boys at 14-15 years old ????? Eat burgers at McDolnalds and watch naked girls on internet porno webpages…. Romanian guys at 14-15 years old scam people…learn how to build a profesional website….how to hack a internet server…and many more another “bad” things….
“Me , personally , receive every day between 1000 and 5000 eBay accounts from spam and hack…. Is so easy to stolen your eBay account and your Paypal…..is just a funny game for us……. Go to www.nopaypal.com and read the forum…. Romanian guys scam last year 10 milions sellers and buyers from USA and Canada with Paypal accounts….How ??? Paypal is very safe…. Good joke…. Is safe only in your dream boys…..!!!! HE HE HE !!!!!!!!
“Lets me say you a unreal thing…. Is much easy to scam with Paypal….Westen Union is a little complicate now to scam….the police are very carefful with Western Union offices…. Last thing : Why big companies from internet market want only romanian guys to work for them ????? Because WE ARE THE BEST !!!!!!!!! Author : Born_To_Scam_American_Guys”
According to Firemeg.com, shortly after the above posting was removed from eBay, Born_To_Scam_American_Guys posted another post, entitled: “Smart Americans.”
“This time rather than brag or taunt, he simply provided proof that he does indeed have access to the information he referred to and the ability to use it,” said Firemeg.coms posting.
The posting that ensued included Social Security numbers, credit card numbers, credit card verification numbers, bank account and routing numbers, ATM PIN numbers, mothers maiden names, birth dates, drivers license numbers, as well as home addresses and full contact information.
Catherine England, a spokeswoman for eBay, said that only half the accounts were legitimate. The other half looked like fraudulent accounts based on verification information that didnt clear eBays verification process, she said. As for the half that were legitimate eBay accounts, eBay was in the process of contacting the victims as of Friday, March 9, 7:40 p.m. EST.
Some of the victims eBay had managed to contact by that time said that all of the information posted about them was accurate, while others noted some inaccuracies, England said.
Information Revealed not from
England also said that the information posted to the forum was not from eBays internal systems, given that it included information eBay does not collect: bank account numbers, PIN numbers, credit card verification numbers and so on.
“Thats information we would never have,” England told eWEEK. “Nor would we have cause to have collected it. This person had posted to a discussion board, but we have no idea where he got [the data] from. … Most likely a phishing site or phishing scams.”
Romanian hackers seem to either have it in for eBay or find eBay and its users easy targets—or both. For the past two months, a Romanian hacker using the handle “Vladuz” has been prancing through eBay, convincingly posing as an internal eBay moderator on eBay forums, posting lists of hijacked eBay accounts for sale, advertising copyrighted tools to hack eBay and partaking in his countrymans habit of taunting others. For a slideshow of his or her handiwork, click here.
eBay claims that with all of the 15 accounts posted in this most recent incident, internal systems detected unauthorized access attempts. Thus, the accounts were locked down before the hackers posts were even made, England said.
England declined to give examples of the suspicious behavior that triggered eBays internal fraud detection system, so as not to tip the companys hands to criminals who could modify their behavior to avoid detection.
“Its the typical antifraud behavior modeling,” she said. “If you give us information, we do verify [it]. If you give us credit card information that doesnt sync up with your name, were going to shut [the account] down.”
eBay will continue to monitor the accounts to ensure that no more illicit access attempts are made, England said.
eBay recommends use of the eBay toolbar, which has a warning that flashes red when users navigate to an illegitimate site.
eBay Forum members were incensed at the idea that eBay had neglected to contact the eBay members about their information being breached. Indeed, if eBays internal systems had been breached and the customer information stolen through such means, eBay would be legally obligated to notify victims under Californias Security Breach Information Act.
However, since the information revealed was not from eBay, as demonstrated by the inclusion of data eBay does not collect, eBay is not responsible for notifying victims.
“Legally, eBays not responsible,” England said. “This is one of those situations where this isnt a breach of eBays systems or securities. Legally I dont believe we have an obligation to inform people. As a corporation eBay feels its the thing to do. We put the safety of our community first. If we feel one of our members information has been compromised, were going to contact them and let them know.”
Regardless, people associated with Firemeg.com reached out to the victims before eBay did, to ensure that they knew of the breach. According to the site, at least one of the victims was distraught at the news.
“One woman broke down and was near tears, if not fully crying, her voice trembling with each question she asked,” the site says. “She said that all information was correct and was current and that she was very scared. She couldnt even remember her eBay user ID or password. She said that she uses eBay during the holidays to buy gifts, and gets a new eBay ID each year because she ends up forgetting the password and/or username. She was terrified—Im sure due in part to the little she has heard about identity theft.”
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.