[ISN] Hacker breaks into eBay server, locks out users

From: InfoSec News (alerts@private)
Date: Mon Oct 08 2007 - 22:17:30 PDT


By Juan Carlos Perez
IDG News Service
October 08, 2007

A malicious hacker broke into an eBay server on Friday and temporarily 
suspended the accounts of a "very small" number of members, the company 

"We were able to block the fraudster quickly before any permanent damage 
had been done. At no point did the fraudster get any access to financial 
information or other sensitive information," eBay spokeswoman Nichola 
Sharpe said via e-mail.

eBay has "secured and restored" the affected accounts and is calling the 
affected users, she said, without specifying how many accounts the 
hacker accessed and tinkered with.

"The fraudster did this by accessing externally visible servers, not by 
hacking into the eBay site," Sharpe said.

She didn't immediately reply to follow-up questions from IDG News 
Service seeking clarification on what is an "externally visible" server 
and how it's different from an eBay site server.

eBay faces attacks to compromise its systems "every day," Sharpe said. 
"After learning of the recent situation, we quickly reacted to it," she 

"As we continue to lock down on the traditional ways that bad guys have 
attempted to exploit our system, it is only natural that they will look 
for new ways to get in. It is an ongoing battle," she said.

The incident, first reported by e-commerce news site AuctionBytes, 
happened a little more than a week after someone used an eBay discussion 
forum to post confidential information about eBay users.

The previous incident led the e-commerce giant to shut down the forum, 
one that ironically was devoted to the discussion of security issues.

The perpetrator of that confidential data disclosure posted the names 
and contact information of 1,200 eBay members on the company's Trust & 
Safety discussion forum, along with credit card numbers that were later 
determined to be invalid.

eBay eventually concluded that the attacker obtained the information via 
a phishing scheme, tricking individual members into disclosing the data.

Friday's hack has quite a few eBay members rattled, judging by this long 
discussion forum thread about the incident.

In that thread, some affected eBay members report receiving e-mails from 
a hacker identified as Vladuz saying that he had targeted them for 
posting forum comments that were critical of him.

Vladuz has in the past reportedly stolen login information that has 
allowed him to post messages to eBay discussion forums as if he were an 
eBay employee.

In its article, AuctionBytes said Vladuz has been targeting eBay for 
about 10 months.

Sharpe didn't immediately reply to the question whether eBay knows who 
was behind Friday's attack.

CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com

This archive was generated by hypermail 2.1.3 : Mon Oct 08 2007 - 22:31:22 PDT