Phishing attempts making use of the eBay data breach

wrote about the eBay data breach where cybercriminals got access to some eBay employees’ credentials and accessed the internal network. Names, email addresses, postal addresses, phone numbers, birth dates and encrpyted passwords were obtained. eBay started a campaign to reset the password of all their users. More information is available in their FAQ.

Unfortunately, the breach occurred some time ago (between February and March this year) and this gave time to the hackers to already make use of the data.

eBay communicated that the breach was discovered two weeks ago, but why they didn’t disclose the fact earlier it is not yet clear.

There are already reports in the media that several spam waves are being sent containing  phishing  attempts that are impersonating eBay. Some of the emails contain an attached HTML form where the user is addressed with full name, email address and postal address. The recipient is urged to change his password due to the data breach and also requested credit card details. Obviously, the hackers didn’t even bother to crack the hashed passwords, they have started a targeted attack against the eBay users.

An official email from eBay is containing:

– the name as provided in the eBay account (nickname)

– the full name of the user

– the eBay user name

– the email address registered.

It does not contain the post address and it does not require any kind of payment information.

I strongly advise all users to change their passwords immediately, even before eBay is enforcing this change.

You can find here some good advice how to set a good password.

 


© Copyright 2014 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca

Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since year 2000 in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

Comments are closed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close