BreachExchange mailing list archives
Re: (update) eBay forum mysteriously leaks account details on 1, 200 users
From: "Avery Sawaba" <avery.sawaba () gmail com>
Date: Wed, 26 Sep 2007 00:21:48 -0400
If this information is accurate, this is a BIG deal, as NOONE should EVER be storing CVV2 information. Ebay would be in big trouble with VISA, Mastercard, etc, as this is one of the most capital sins in credit card handling practices. You only use security codes for real-time verification. It should never be stored. Apologies for all the CAPS, and I hope this is all faked data. Scary to think a big name like Ebay would be foolish enough to save CVV2/CVC2 codes. --Sawaba On 9/25/07, lyger <lyger () attrition org> wrote:
http://www.theregister.co.uk/2007/09/25/ebay_account_details_published/ Hackers brazenly posted sensitive information including home addresses and phone numbers for 1,200 eBay users to an official online forum dedicated to fraud prevention on the auction site. The information - which also included user names and email, and possibly their credit card numbers and three-digit CVV2 numbers - was visible for more than an hour to anyone visiting the forum. The miscreants appeared to create a script that caused each user to log in and post information associated with the person who owned the account. The script spit out about 15 posts per minute, starting around 5:45 a.m. California time. An eBay spokeswoman said the posts were not the result of a security breach on eBay and that the credit card numbers contained in the posts were not those eBay or PayPal had on file for those users. eBay representatives have begun contacting all users whose information was posted to head off any further fraud and to learn more about the attack. [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
_______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- (update) eBay forum mysteriously leaks account details on 1, 200 users lyger (Sep 25)
- Re: (update) eBay forum mysteriously leaks account details on 1, 200 users Avery Sawaba (Sep 25)
- Re: (update) eBay forum mysteriously leaks account details on 1, 200 users Arsen Shirokov (Sep 26)
- Re: (update) eBay forum mysteriously leaks account details on 1, 200 users Avery Sawaba (Sep 26)
- Re: (update) eBay forum mysteriously leaks account details on 1, 200 users Cory Gould (Sep 26)
- Re: (update) eBay forum mysteriously leaks account details on 1, 200 users Avery Sawaba (Sep 26)
- Re: (update) eBay forum mysteriously leaks account details on 1, 200 users Arsen Shirokov (Sep 26)
- Re: (update) eBay forum mysteriously leaks account details on 1, 200 users Avery Sawaba (Sep 25)