posted on September 25, 2007 12:22:31 PM
You can get the details from this thread. Scary! I've changed all my information including cc numbers. I'm taking no chances. eBay did their usual cover up.
eBay Shuts Trust & Safety Board after Credit Card Numbers Exposed
By Ina Steiner
AuctionBytes.com
September 25, 2007
eBay shut down an entire discussion board devoted to Trust & Safety issues after someone began posting confidential user information. Someone using multiple User IDs began listing information purported to be eBay users' private and financial data on the Trust & Safety discussion board. Mark, a user who says he posts regularly on the board, said he noticed the problem at 8:50 am Eastern on Tuesday and called his eBay representative about 20 minutes later after he saw the posts remained. He said it took about an hour for the posts to be removed, and minutes later, the entire board was taken down.
The person posted using several IDs that look like they had been hijacked from legitimate users. The subject line of each thread began with the letters "Wheeeeeeeeeeeeeeeeeeeee" followed by six numbers.
Mark said regular users who were posting on the board while the incident was taking place suspected that eBay may have been hacked, and he said some believed it was a scammer named Vladuz that has tormented eBay in the past. eBay has denied that Vladuz has ever hacked into its system (http://www.auctionbytes.com/cab/abn/y07/m02/i22/s03).
AuctionBytes was able to view the forum and several posts before they were removed. While most data looked like it could have been obtained through phishing campaigns, the posts also included fields labeled "Id verified" and "Store" along with a time-date stamp of the user registration. The accuracy of the information has not been verified by AuctionBytes.
NOTE: Please check back during the day as we will update this story as it develops.
Also see the AuctionBytes blog:
http://blog.auctionbytes.com/cgi-bin/blog/blog.pl?/pl/2007/9/1190743667.html
TO THOSE WHO THINK I'M TRYING TO STEAL THEIR ID'S - FEEL BETTER NOW???????????????
Cheryl
[ edited by CBlev65252 on Sep 25, 2007 06:23 PM ]
posted on September 25, 2007 12:34:51 PM
You can find a partial list of compromised ID's here. As stated in the list, if your name isn't here, it doesn't mean you are safe!
posted on September 25, 2007 12:51:42 PM
The link is probably and scam. You shouldn't click on funny urls, they can record your keystrokes and get your passwords.
posted on September 25, 2007 12:51:47 PM
Do you mean my links? I get them okay. If you go onto Seller Central or the Jewelry boards there are discussion threads on the issue.
posted on September 25, 2007 12:59:22 PMYou shouldn't click on funny urls, they can record your keystrokes and get your passwords.
Mel - Let me introduce myself, I'M NOT A SCAMMER. THEY AREN'T FUNNY URLS. Tiny URL is a site that takes long URLs and makes them small. This is not a scam. You didn't read the article I posted? The news has also gotten a hold of the story.
You are exactly the kind of eBayer eBay likes. One that doesn't believe they could ever do anything to compromise you. Geesh.
Cheryl
[ edited by CBlev65252 on Sep 25, 2007 12:59 PM ]
posted on September 25, 2007 01:40:10 PM
Mel is correct about tinyurl and similar services. I never click on tiny urls and advise others not to as well.
All of which is independent of whether or not Cheryl is a trusted authority or whether eBay has actually been hacked.
Ina "print first, retract later" Steiner makes her living off spreading rumors to get people to visit her site.
posted on September 25, 2007 02:12:08 PM"Mel is correct about tinyurl and similar services. I never click on tiny urls and advise others not to as well."
As far as I know, TINY URL has been providing a wonderful FREE service for at least 5 years, and I've never encountered anybody warning about any kind of security issues with their very helpful service...
Perhaps you could kindly cite something somewhere to back up this rather sweeping condemnation of TINY URL?
posted on September 25, 2007 02:13:05 PM
Hello.
I never called anyone here a scammer. But you can unknowingly click a link that will cause you grief. I've been selling on eBay over 9 years so I am no innocent newbie dope. I was told by ebay after my account password was hacked that when you click on links in fishing emails and go to a site even if you don't fill in your personal info they can record your keystrokes and get any passwords you enter and I believe it 'cause that's how it must have happend to me. I used to click on the links to see if the site the fishing emails linked to was down, to see if I sould bother reporting it to ebay. Now I just forward the funny emails to [email protected] and never click the links. I'm not familiar with tiny, never heard of it so I'm not clicking the link. Is it an online auction industry site many are familiar with? I'll go ask at the how cafe.
Edited to add: I think it's interesting to see that eBay has chosen to address this in a blog, rather than on the General or System Announcements Board- An attempt to keep it low profile?
[ edited by pixiamom on Sep 25, 2007 02:29 PM ]
Use TinyURL to Create Tiny Web Addresses
February 12, 2007 02:15 PM ET
"We've all been frustrated by long Web addresses, like the one that will get you a recent column of mine: http://www.usnews.com/usnews/biztech/davesdownload/archive/070124/atomic
age_clocks_that_set_them.htm
Yuk. That would rarely work in an E-mail, with line breaks messing it up, as we all know from friends and relatives trying to forward Web links that just don't work. So check out www.tinyurl.com, which you may have noticed is behind a lot of the links mentioned in these columns. For example, that nasty Web link above becomes a simple: http://tinyurl.com/377xnx.
The service is free and reliable. TinyURL also offers a plug-in for your browser's toolbar. That makes it as easy as clicking on your toolbar to generate a short URL. Other services, such as www.snipurl.com, offer even more sophisticated tools, such as choosing a keyword at the end, so the link to that column becomes http://snipurl.com/atomicclocks.
The services promise to store the links permanently. Problems can arise, most often when the address of the original Web page gets changed. Also, the services could disappear, as do many Web services, leaving your shortened links in limbo. But TinyURL, for one, appears to be a survivor–with millions of hits, the site is making money for its founder, Kevin Gilbertson, who developed it while a student at the University of Minnesota. He's making enough money that he recently bought a competitor, www.makeashorterlink.com, which reportedly developed the idea even before Gilbertson. But with its shorter address, TinyURL was apparently easier for people to remember, even as it makes it unnecessary for us to remember other, long URLs."
posted on September 25, 2007 02:42:27 PM
The posts ALSO appeared to contain credit card information -- however, these credit cards are not associated with financial information on file for these users at eBay or PayPal. We're in the process of reaching out by phone to these members to, so that if the information is valid somehow -- regardless how this fraudster acquired the information -- these members can take the steps they need to take to protect themselves.
Like the double talk? One sentence claims the cc numbers are not associated with the financial info of members then the next sentence states "if that information is valid somehow". Typical eBay fashion.
posted on September 25, 2007 03:07:57 PM
As far as the tiny url is concerned, it's only as good or reliable as the person that posts it. Anyone can use it to send you anywhere.
posted on September 25, 2007 03:48:48 PM
No need to panic over this latest eBay snafu. It's business as usual and any resultant credit card fraud should be covered by the issuer. Ameritrade's servers were hacked earlier this year and over six months around $28 billion in assets were left exposed so nothing to worry about...
posted on September 25, 2007 04:11:39 PM
Tom, I'm sorry to say it, but you're confused.
When the URL is masked, you have no idea where you're going by clicking on the tiny version.
For those of us who actually can read URLs and can use WHOIS and other technical information sources to figure out what's really going on, having the URL masked is a red flag.
I don't care how long the link is. I always post the thing in the clear, as it were, so people can see what they're getting into when they click it.
posted on September 25, 2007 04:22:29 PM
I'm not confused, I'm just saying back up your condemnation of the TINY URL service by sumptin other than apple-dumpling pontification...
I've yet to read anyplace documented cases of problems (viruses; or spyware; or flatulating hot-airitis) caused by the use of the tiny url service...
posted on September 25, 2007 04:25:14 PM
Well, she didn't say there was anything wrong with Tiny URL, just that when the link is masked there's no way to know what it actually is.
Personally, I don't click on Tiny links. I like to check out the site first via Mywot.
posted on September 25, 2007 04:34:51 PM
Here's a real life example from a few years back.
Some baddies registered the domain paypai.com all neat and legal-like. Then they put a website there that mirrored paypal.com in every respect, including a login screen.
Except it wasn't PayPal, of course.
All the baddies had to do was send out emails saying PayPal had been hacked. Login here to make sure your account is safe!
Susie Random clicks on the link in her email, logs in and sure and shootin' she's alarmed by what she sees. PayPal's been hacked indeed. It's a really really long URL, though, for the page she's looking at, so she uses a convenient URL-truncation service to post the link to all her favorite discussion groups. PAYPAL'S BEEN HACKED! OH MY GOSH! I'VE GOT PROOF! LOOKIT HERE!
And they did. 'Course, they had to log in to see it, not knowing they were kissing their PayPal password goodbye.
posted on September 25, 2007 06:09:38 PM
I'm curious as to why the original URL was not posted, and has not been posted. It would seem simple enough for Cheryl to give us the original.
Possibly compromised ID's
Email me
This list was compiled with the help of many people, some who wish to remain anonymous. It was pulled from many sources. Your name on this list doesn't mean your account was absolutely positively compromised. It just means it might have been. Conversely, your name *not* on this list doesn't mean anything, either. This is just a list of names that were known to have been posted on a board where some personal info was also posted.
I have to go to work (for a few hours) in a couple of hours...but will continue to monitor board & email and update page as possible. Will of course check it tonite when I get home.
Thanks to silver & all that have helped me compile the list of names. We're up to 502. If I haven't responded to your emails personally...it's only because I have set the updating of the list to top priority.
Some generic suggestions to follow if / when you feel your online information is compromised:
Change passwords.
Notify bank & credit card companies that there might be a problem, and ask them to monitor your account closely for a bit.
If really concerned, close all bank and credit card accounts, and get new accounts set up.
Apparently some discussion threads are being deleted, and some posts are being kept out due to a filter set on the conversations. Word however is spreading, news agencies and law enforcement have been notified. Hopefully no one ends up with real problems because of this incident. Hugs to all who have helped me with this list!
I have no qualms about clicking on his liberal use of TINY URL's throughout his site...
Since buying my first ATARI 400 in 1982 (then: Atari 800; TI; TRS-80; C64; Apple IIc; Gateway; Dell; Sony PC's), I've been connected to some kind of online service -- have never gotten a virus or any other malware...Good ole COMMON SENSE is the BEST DEFENSE...
posted on September 26, 2007 08:31:14 PM
Tom, any site that labels Sylvia Brown a fraud is OK by me! I cannot stomach her - she is so blatantly cashing in on sorrow and the need for closure -- flippant and arrogant, riding Montel's coattails for all they're worth. Edited to add: I use tiny urls all the time, as a convenience. I do agree with Fluffy that anyone can give their link a Tiny Url name, so it doesn't signify that it is a safe site.
[ edited by pixiamom on Sep 26, 2007 08:52 PM ]
This is just a list of names that were known to have been posted on a board where some personal info was also posted.