5534 Stolen Ebay Logins And Passwords Accidentally Found Online By Security Firm
A malware research firm, FaceTime Security Labs, has found a list of hacked eBay logins during investigation of an unrelated case of phishing in October 12. According to Christopher Boyd, the director of FaceTime Security Labs, it was the biggest haul of stolen eBay logins they’ve ever seen.
The list includes 121 pages and carries 5,534 eBay accounts, including usernames, passwords and mail address. Quite a lot of the accounts don’t exist or are no longer registered users, but there’s enough live accounts in there for this to be something of a worry (there also don’t appear to be any duplicates, which is unusual for a collection this big).
At first glance, it’s hard to say exactly where the data has come from or how new/old some of it is. It’s apparently been passed around various file download sites over the past week or two, though a massive “roll-up” of stolen accounts from various phishers seems most likely. These would be newly registered users, or users with low feedback scores because they don’t tend to use eBay that much. These are prime targets for phishers, because they’re more likely to be fooled by fake logins.
Another worry is that many inexperienced users on eBay use the same login details for Paypal, so there’s the possibility of being able to access two sets of accounts from the same data. Some of the logins have already been “locked out”, presumably logging in on an account from an unfamiliar IP address is triggering eBay security checks.
eBay have been notified and the data have been removed from the web with the help of Google who removed some cached data from their search engine index. Hopefully eBay will act quickly on the information they’ve been provided and assist those unfortunate enough to have been phished.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.