Phishing attempts making use of the eBay data breach

wrote about the eBay data breach where cybercriminals got access to some eBay employees’ credentials and accessed the internal network. Names, email addresses, postal addresses, phone numbers, birth dates and encrpyted passwords were obtained. eBay started a campaign to reset the password of all their users. More information is available in their FAQ.

Unfortunately, the breach occurred some time ago (between February and March this year) and this gave time to the hackers to already make use of the data.

eBay communicated that the breach was discovered two weeks ago, but why they didn’t disclose the fact earlier it is not yet clear.

There are already reports in the media that several spam waves are being sent containing  phishing  attempts that are impersonating eBay. Some of the emails contain an attached HTML form where the user is addressed with full name, email address and postal address. The recipient is urged to change his password due to the data breach and also requested credit card details. Obviously, the hackers didn’t even bother to crack the hashed passwords, they have started a targeted attack against the eBay users.

An official email from eBay is containing:

– the name as provided in the eBay account (nickname)

– the full name of the user

– the eBay user name

– the email address registered.

It does not contain the post address and it does not require any kind of payment information.

I strongly advise all users to change their passwords immediately, even before eBay is enforcing this change.

You can find here some good advice how to set a good password.

 


© Copyright 2014 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.

Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch