Early this morning, a series of new threads appeared on Ebay’s Trust & Safety Discussion Board, in which the personal information of hundreds of Ebay users was posted. This information included credit card account numbers, as well as the 3 digit security code on credit cards.
The information was reportedly available on the discussion board for about an hour and a half, despite the fact that many users reported the violation within fifteen minutes of the first posting.
While at this point it is unclear to many users exactly what happened, those who frequent the Trust & Safety discussion forum on Ebay first noticed new threads appearing, with each thread containing the personal information and credit card account numbers of Ebay users. Over a short period of time, the number of threads steadily increased, until Ebay was finally forced to shut down the discussion board.
While Ebay has thus far made no official statement about the leak of information, some forum moderators have made a few claims that many Ebay users find dubious. One such claim is that there was a server glitch and that the forum board was displaying personal information of posters rather than the post itself.
Ebay users however believe that the site was hacked, and the hacker was posting new threads one by one, apparently waiting to see how long it would be before Ebay managed to remove the threads. Other speculative reports say that the information posted was false, though some users have reported seeing their info posted and that it was correct.
According to one poster on another discussion thread, “The info that was published included user id, name, address, email address, feedback score, credit card number, date of registration, and the three digit code contained on the back of your card. Because of this, the potential for fraud is very real, not only for those appearing on the list.”
As Ebay users reported the offense and began posting new threads about the apparent hack, those threads were also steadily removed, causing many Ebay users to grow increasingly frustrated. Many believe that Ebay is trying to cover up the apparent hack and theft of user’s personal and credit card information. Ebay staff at this point have remained primarily unresponsive to user concerns, but have been swift to reprimand users who continue to post new threads regarding the incident.
Many users have been quick to alert local and internet news resources to ensure that the public is aware that a hacker might have access to thousands more credit card numbers that what he managed to post. This could affect everyone who is part of the Ebay community, as a credit card is usually required to buy and sell on the site. Additionally, skilled hackers and fraudsters can also use this information for any number of illegal activities and scams, even raising the potential for fraud against individuals who rarely or never use Ebay.
It is expected that the auction site may make an official statement sometime soon, but many users feel that Ebay has and still is acting very irresponsibly and that any explanation will be a lie and/or cover up of the facts.
While most forum observers put the list of immediately affected Ebay users at just over 1,000, the potential for many more credit card numbers and personal information to be leaked is much higher, if Ebay’s servers were indeed compromised by a hacker.