We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

eBay server hacked, users locked out

Latest attack on eBay users' data

A hacker broke into an eBay server last week, suspending the accounts of a "very small" number of members, according to eBay.

"We were able to block the fraudster quickly before any permanent damage had been done. At no point did the fraudster get any access to financial information or other sensitive information," eBay spokeswoman Nichola Sharpe said via email.

eBay has "secured and restored" the affected accounts and is calling the affected users, she said, without specifying how many accounts the hacker accessed and tinkered with.

"The fraudster did this by accessing externally visible servers, not by hacking into the eBay site," Sharpe said.

She didn't immediately reply to follow up questions from IDG News Service seeking clarification on what is an "externally visible" server and how it's different from an eBay site server.

eBay faces attacks to compromise its systems "every day," Sharpe said. "After learning of the recent situation, we quickly reacted to it," she said.

"As we continue to lock down on the traditional ways that bad guys have attempted to exploit our system, it is only natural that they will look for new ways to get in. It is an ongoing battle," she said.

The incident, first reported by e-commerce news site AuctionBytes, happened little over a week after someone used an eBay discussion forum to post confidential information about eBay users.

The previous incident led the e-commerce giant to shut down the forum, one that ironically was devoted to the discussion of security issues.

The perpetrator of that confidential data disclosure posted the names and contact information of 1,200 eBay members on the company's Trust & Safety discussion forum, along with credit card numbers that were later determined to be invalid.

eBay members' credit card details on forum

eBay eventually concluded that the attacker obtained the information via a phishing scheme, tricking individual members into disclosing the data.

Friday's hack has quite a few eBay members rattled, judging by a long discussion forum thread about the incident.

In that thread, some affected eBay members report receiving emails from a hacker identified as Vladuz saying that he had targeted them for posting forum comments that were critical of him.

Vladuz has in the past reportedly stolen login information that has allowed him to post messages to eBay discussion forums as if he were an eBay employee.

In its article, AuctionBytes said Vladuz has been targeting eBay for about 10 months.

Sharpe didn't immediately reply to the question whether eBay knows who was behind Friday's attack.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

Chromebooks: ready for the prime time (but not for everybody)

IDG UK Sites

Hands-on with Sony's latest smartglasses

IDG UK Sites

Apple TV setup advice: Apple TV hacks to help you create the ultimate Apple TV hub in your home