Ebay Says Lists Of Stolen Customer Data Now Appearing Online Aren’t Legit

Following yesterday’s announcement of a cyberattack which compromised a “large number” of eBay users’ personal information, several lists purporting to contain that illegally acquired information have now shown up online. On anonymous data-sharing site Pastebin, for example, there are at least a couple of offers to provide “full eBay database dumps,” which you can pay for via bitcoin. However, eBay tells us that, at least so far, none of these published lists contain “authentic eBay accounts.”

As one commenter on Hacker News theorized this morning, these lists were probably targeted at “people gullible enough to send $1000 speculatively to a random person on the internet.”

It seems they were right.

These are not legit data dumps, eBay says. Fortunately, too, it seems no one has taken the bait, either – in both cases, the associated bitcoin address shows no transactions as of the time of publication. (Maybe the Internet is not as gullible as one would think?)

datadump-pastebin

According to eBay, the safest way for users to protect themselves is to reset their passwords, as the company advised yesterday.

However, on Wednesday, that turned out to be easier said than done. A number of users reported they had problems trying to reset their password yesterday, and were encountering an error page as eBay struggled with high traffic volumes.

ebay-page-not-available

That means that some number of eBay users who were trying to protect themselves by resetting their passwords, were, at times, unable to do so. Hopefully those users will return again today, as well as change that password anywhere else they may have used it online.

This “high traffic volume” problem doesn’t seem to be continuing today, now that the initial rush has died down. Ebay wouldn’t share how many users ended up blocked from completing their password resets yesterday, but testing the system this morning from the East Coast, it appears to be functioning normally.