NOW READ THIS
("Security Advisory")



Submitted by: Bill Hickey
NCVA Listmaster

NRT-0636 Phishing scam results in theft of eBay account log‑ins:


On 12 October 2008, researchers from FaceTime Security Labs notified eBay that a cache of 5,534 stolen eBay account log‑ins had been discovered, likely the result of successful phishing scams, according to an online news report. Christopher Boyd, malware research director for FaceTime, said that most of the stolen eBay account log‑ins appeared to be those of newly registered users or ones who do not use eBay regularly: "These are prime targets for Phishers, because they're more likely to be fooled by fake logins."

Because new users tend to use the same log‑ins for both eBay and PayPal, according to Boyd, their PayPal accounts also could be compromised. The stolen accounts were listed by eBay user name, password, and e‑mail account.

"Quite a lot of the accounts don't exist or are no longer registered users, but there's enough live accounts (sic) in there for this to be something of a worry (there also don't appear to be any duplicates, which is unusual for a collection this big)," Boyd blogged. "I should mention, it's not just new eBayers that can be caught out by these kinds of scams ‑ there were quite a few high scoring eBayers in the stolen logins too," Boyd said.

FaceTime researchers pulled some of the data offline with the help of Google, which removed cached data in its search engine that included the stolen credentials.

(darkreading, 13OCT08)


Last Modified: Sunday, 16-Nov-2008 09:29:55 EST