Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 23rd, 2008

5534 Stolen Ebay Logins And Passwords Accidentally Found Online By Security Firm

A malware research firm, FaceTime Security Labs, has found a list of hacked eBay logins during investigation of an unrelated case of phishing in October 12. According to Christopher Boyd, the director of FaceTime Security Labs, it was the biggest haul of stolen eBay logins they’ve ever seen.

The list includes 121 pages and carries 5,534 eBay accounts, including usernames, passwords and mail address. Quite a lot of the accounts don’t exist or are no longer registered users, but there’s enough live accounts in there for this to be something of a worry (there also don’t appear to be any duplicates, which is unusual for a collection this big).

At first glance, it’s hard to say exactly where the data has come from or how new/old some of it is. It’s apparently been passed around various file download sites over the past week or two, though a massive “roll-up” of stolen accounts from various phishers seems most likely. These would be newly registered users, or users with low feedback scores because they don’t tend to use eBay that much. These are prime targets for phishers, because they’re more likely to be fooled by fake logins.

Another worry is that many inexperienced users on eBay use the same login details for Paypal, so there’s the possibility of being able to access two sets of accounts from the same data. Some of the logins have already been “locked out”, presumably logging in on an account from an unfamiliar IP address is triggering eBay security checks.

eBay have been notified and the data have been removed from the web with the help of Google who removed some cached data from their search engine index. Hopefully eBay will act quickly on the information they’ve been provided and assist those unfortunate enough to have been phished.

Share this item with others:

More on CyberInsecure:
  • Users Fear Of Illegal Content Targeted By Social Engineering Trojan
  • Another Cross-Site Scripting Vulnerability On eBay Domain Sites Allows Phishing
  • A Mistake At The University of Toledo Exposes 6500 Employees
  • Server Of Suffolk County National Bank Breached, 8,300 Customer Logins Stolen
  • Cotton Traders Clothing Firm Customers Credit Card Details Stolen From Hacked Website

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: 5534 Stolen Ebay Logins And Passwords Accidentally Found Online By Security Firm

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.