EBay: online hacker stole customers' data

[InfoSec News <isn () c4i org>]

http://washingtontimes.com/upi-breaking/20040316-124532-6763r.htm

March 16, 2004 

SAN JOSE, Calif., March 16 (UPI) -- California's eBay says online con
artists stole customer information that may make a common e-mail scam
even more dangerous.

Hackers tricked several online merchants who use eBay's PayPal payment
system into disclosing their user names and passwords, then logged
onto the merchants' accounts to download lists of customer names,
e-mail addresses, home addresses and transactions, the San Francisco
Chronicle reported Tuesday.

EBay did not disclose how many customers had their information stolen,
but a spokesman said it constitutes a small percentage of the
service's 40 million registered users.

No credit card information, Social Security numbers or other financial
details were compromised because that information is encrypted and
kept on servers not accessible to merchants.

Still, eBay fears the information will be used to trick customers into
giving up their credit card information in an e-mail scam known as
"phishing" or "spoofing."

The scam results in e-mail users getting messages purportedly from
PayPal or other businesses saying they need to verify personal
information.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.