Phishing attempts making use of the eBay data breach

wrote about the eBay data breach where cybercriminals got access to some eBay employees’ credentials and accessed the internal network. Names, email addresses, postal addresses, phone numbers, birth dates and encrpyted passwords were obtained. eBay started a campaign to reset the password of all their users. More information is available in their FAQ.

Unfortunately, the breach occurred some time ago (between February and March this year) and this gave time to the hackers to already make use of the data.

eBay communicated that the breach was discovered two weeks ago, but why they didn’t disclose the fact earlier it is not yet clear.

There are already reports in the media that several spam waves are being sent containing  phishing  attempts that are impersonating eBay. Some of the emails contain an attached HTML form where the user is addressed with full name, email address and postal address. The recipient is urged to change his password due to the data breach and also requested credit card details. Obviously, the hackers didn’t even bother to crack the hashed passwords, they have started a targeted attack against the eBay users.

An official email from eBay is containing:

– the name as provided in the eBay account (nickname)

– the full name of the user

– the eBay user name

– the email address registered.

It does not contain the post address and it does not require any kind of payment information.

I strongly advise all users to change their passwords immediately, even before eBay is enforcing this change.

You can find here some good advice how to set a good password.


© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check for seeing the consulting services we offer.

Visit for latest security news in English
Besuchen Sie für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

Comments are closed.

%d bloggers like this: