No Image

Phishing attempts making use of the eBay data breach

I wrote about the eBay data breach where cybercriminals got access to some eBay employees’ credentials and accessed the internal network. Names, email addresses, postal addresses, phone numbers, birth dates and encrpyted passwords were obtained. eBay started a campaign to reset the password of all their users. More information is available in their FAQ. Unfortunately, the breach occurred some time ago (between February and March this year) and this gave time to the hackers to already make use of the data. eBay communicated that the breach was discovered two weeks ago, but why they didn’t disclose the fact earlier it is not yet clear. There are already reports in the media that several spam waves are being sent containing  phishing  attempts that are impersonating eBay. Some of the emails contain an attached HTML form where the user is addressed with full name, email address and postal address. The recipient is urged to change his password due to the data breach and also requested credit card details. Obviously, the hackers didn’t even bother to crack the hashed passwords, they have started a targeted attack against the eBay users. An official email from eBay is containing: – the name as provided in the eBay account (nickname) – the full name…

%d bloggers like this: