Jump to content

eBay hacked (December 2018)

Recommended Posts

Putin whistle-blowing...share, comment & distribute


Vad ca inaptii tac ca "porcul in papusoi" despre treaba asta asa ca postez aici: se pare ca au fost hackuiti si tac in privinta asta. Am aplicatia eBay pe telefon si Sambata dimineata (aproximativ ora 8.30) primesc o notificare de la app ca produsul meu s-a vandut. Nu aveam nimic postat de vanzare si nu folosisem pana atunci eBay-ul de vreo 1-2 luni. A trebuit sa astept pana la 9am sa vorbesc cu cineva de la support si tipa cica "da, stim ca sunt ceva hackeri care fac chestia asta insa se pare a fi automata". A verificat adresa de IP de unde s-a postat produsul si era de Hong Kong. Ce-i mai nasol e ca sunt foarte discreti in treburile astea - nu am primit nici o notificare referitor la schimbarea parolei, ca a fost postat un item nou, ca am vandut ceva nimic - de obicei primesc toate astea prin mail. Daca nu aveam aplicatia pe telefon nu aflam poate nimic, poate doar cand era prea tarziu. Si tipa de la eBay support cica "da, stim ca fac chestia asta, dar nu stim inca cum o fac, se pare a fi un bot care face tranzactii multe si marunte", etc. 


And the English version - 
eBay have been hacked and they seem to be keeping quiet about it. I have the eBay app on my phone and on Saturday morning (approx 8.30am) I get a notification from the app that my item has been sold. I did not have any item on sale and have not been using eBay for the past 1-2 months. I had to wait until 9am to ring their support and they were like "yeah, we know there's some hackers who are doing this, seems to be automated". And they checked the IP address from where the listing was made and it was from Hong Kong. But what's more worrying is the stealth with which they've done this - I had no notification of my account changing password, had no notification that an item has been posted for sale, etc. If I wouldn't have had the app on my phone, I would have probably not found about it until too late. And the lady on eBay support on the phone was like "yeah, we know about this, but we don't know how they're doing it, seems to be some bot as they're doing loads of small value transactions", etc.



Edited by QuoVadis
  • Upvote 13
Link to comment
Share on other sites

This is kinda funny tbh. Currently, eBay is running a very expensive BB program with one of the top BB platforms. The scope is very broad and basically, they are trying to cover all their exposed "stuff". Probably someone was able to toast them through one of their third-party acquisitions because eBay as a mother base platform is quite well scrutinised. I will check my account too just to see if anyone was able to add me more positive feedback :)

Link to comment
Share on other sites

Yeah, but even the fact that whoever pwned eBay, couldn't be bothered yet to do any serious damage and just set up a bot to do lots of small transactions. Maybe one strategy is that they were hoping to go undetected by not being greedy or perhaps testing the capabilities of the vulnerabiliti/es or building up for something larger. What annoyed me more though is that the lady on the phone was like "yeah, we know they're doing this but we don't know how or why". I was like.. well when the fuck are you going to warn people that their financial and personal data are at risk? Why the fuck are you keeping this quiet? I am actually going to raise a complaint with the ICO in here to fine them mofos...

  • Upvote 1
Link to comment
Share on other sites

Ca sa scoata banii din produsul vandut pe contul tau, ar trebui ca acel cineva sa aiba acces si la Paypal. Ori daca are acces la Paypal, scoate direct. Doar daca nu ai contul gol :D Probabil a dat disable la e-mail notifications de n-ai primit nimic.

Si indienii de la eBay support nu sunt de nici un ajutor, asa firma, asa angajati.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...