
eBay denies - the stolen customer data available for public sale

Published on: 5/22/2014

What is claimed to be a copy of eBay's stolen database is offered for sale via anonymous text file site Pastebin.

eBay says that a database being offered for sale online by a hacker who claims it contains details of the auction site's users – which were compromised in a cyberattack that was revealed on Wednesday – is not authentic. Someone claiming to have a copy of eBay's stolen database is offering to sell it for 1.45 bitcoin (about £447) via the anonymous text file site Pastebin. But eBay denied that an extract linked from the site belonged to its users.

The hacker provided a 3,000-row extract from a database with Asian-Pacific user names, addresses, phone numbers and dates of birth as proof that they are in possession of the full 145 million user database. "The published lists we have checked so far are not authentic eBay accounts," said an eBay spokesperson talking to the Guardian.

Security experts have begun trying to narrow down the source of the extract. UK cyber security company Digital Shadows said that cross-referencing the leaked data with publicly available information on Facebook appears to confirm that the names are real, even if they did not come from eBay.

"It is always tough to tell whether the data is genuine in situations like this," explained Rik Ferguson, global vice president of security research at security software firm Trend Micro. "The email addresses I have tested so far do not appear to be sourced from previous breaches," said Ferguson, who later confirmed that the database was likely fake.

'One or two' company identities were the key

eBay took two months to discover it had been hacked because no "unusual activity" was detected until May, the company has revealed. “One or two” eBay employee company identities were stolen between the end of February and the beginning of March, but it wasn’t until repeated attempts were made to access a database – which those identities were not authorised to access – that the intrusion attempt was discovered, a company spokesperson explained to the Guardian.

The stolen identities could not be used to access other companies owned by the auction site, including PayPal or GumTree, the spokesman said.

145 million potentially exposed

The e-commerce site, which listed 233 million total registered accounts, has 145 million active users, all of whom have been asked to change their passwords after the company discovered that its customer database had been broken into. eBay has 14 million users in the UK.

eBay would not comment on whether the database exposed in the hack contained the private data of all 145 million active users globally, which helped the company process $212bn in commerce in 2013. Security experts have criticised the company for not encrypting all private customer information it held, which includes customer names, email addresses, physical addresses, phone numbers and dates of birth.

Security levels

“We use different levels of security based on different types of information we’re storing, and all financial information across all of eBay’s businesses is encrypted,” the company spokesman said.

“It is inexcusable for a company the size of eBay with the amount of data it holds to not encrypt all personal information held,” said Ferguson.

'Serious from an identity theft perspective'

Despite eBay seemingly not putting importance on personal information like postal addresses and dates of birth, the repercussions of this data theft could be felt for a long time after the break-in.

“I am concerned that not only have they lost my email, username and password, but according to their website the loss includes home address, phone number and date of birth. This is serious from an identity theft perspective,” said Hugh Boyes from the Institution of Engineering and Technology. “The only item they are missing is mother's maiden name and they have sufficient information to impersonate an individual when dealing with many financial organisations,” Boyes said.

User passwords exposed in the break-in were encrypted, however, and were “hashed and salted” with “no evidence shown that the encryption on passwords has been broken,” according to the company’s Twitter account. eBay is “aggressively investigating” the intrusion with law enforcement, but has seen no evidence that user accounts have been abused.

