Friday, March 09, 2007 eBay's Cover Up Machine: Part 2 Due to the sensitive nature of the incidents that surround the following article, I will be unable to provide as many screenshots as I normally would. And due to eBay's masterful way of burying info, there will be virtually no links. The incident referred to in the following article was NOT cached by Google. If you are worried that your name and financial info may have been compromised, I suggest that you contact eBay ASAP. Early Thursday morning, an alleged Romanian hacker signed into the eBay discussion boards under a hijacked account and started a series of conversations on eBay's Trust & Safety board that began as taunting and culminated in the worldwide posting of confidential financial information of fifteen different eBay members, including social security numbers, credit card numbers, bank account and routing numbers, ATM PIN numbers, mother's maiden names, driver's license numbers, as well as home addresses and full contact information. The thread, including the financial information remained posted on the eBay discussion boards for over 40 minutes, despite repeated attempts from several users to report the link and until finally a fellow eBay user was able to contact eBay via phone and report the incident. eBay then ended the fraudulent listing associated with the "Romanian" and pulled all of the posts and the entire thread. Immediately after the posts were pulled, the Romanian posted the same message and information again to the discussion forum - this time to 12 different boards. Rather than try to dissect the postings of the Romanian, calling himself "born_to_scam_american_guys," I'll simply post his entire initial post below. The following post appeared at 1:52 EST on the eBay discussion forums: I read many opinions here.... All I saw it`s just bullshiet....Alot of things about scamms..stupid things I think. Romanian guys are the best boys !!!! We are in each country...each city...and every day alot of money from your pocket intro in pur bank accounts....You know why ?? I will tell you my opinion...because you are so stupid ..... anyone can scam you very easy....not only with fake escrow and shipping websites.... For us nothing is not imposibile....Paypal...bank accounts...credit cards...spam....wire transfers... alot of things boys !!! WHy ??? Because we are the best !!!! Let`s ask you something : what make the american and canadian boys at 14-15 years old ????? Eat burgers at Mc`Dolnalds and watch naked girls on internet porno webpages.... Romanian guys at 14-15 years old scam people...learn how to build a profesional website....how to hack a internet server...and many more another "bad" things.... Me , personally , receive every day between 1000 and 5000 eBay accounts from spam and hack.... Is so easy to stolen your eBay account and your Paypal.....is just a funny game for us....... Go to www.nopaypal.com and read the forum.... Romanian guys scam last year 10 milions sellers and buyers from USA and Canada with Paypal accounts....How ??? Paypal is very safe.... Good joke.... Is safe only in your dream boys.....!!!! HE HE HE !!!!!!!! Let`s me say you a unreal thing.... Is much easy to scam with Paypal....Westen Union is a little complicate now to scam....the police are very carefful with Western Union offices.... Last thing : Why big companies from internet market want only romanian guys to work for them ????? Because WE ARE THE BEST !!!!!!!!! Author : Born_To_Scam_American_Guys
(Regarding the use of Paypal in scams being "much easy," we at Firemeg.com drew that conclusion long ago and have been very vocal about it. Despite eBay's best PR spin about how safe Paypal is, there is no denying the fact that it is by far the easiest, quickest and safest (for scammers) method of money transfer for scams)
Shortly after the above posting was finally removed from eBay, Born_To_Scam_American_Guys posted another post, entitled: "Smart" Americans. This time rather than brag or taunt, he simply provided proof that he does indeed have access to the information he referred to and the ability to use it. Below I will post an example of what one section of this post looked like. Obviously I have changed the names, numbers etc. in an attempt to protect the account holder.
-------------------- Firstname: John Lastname: Doe Address: 10221 West 45th Street City: Chicago State: IL Zipcode: 60615 Phone: 773-555-555 SSN: 3X6-XX-2XX4 Mother'sMaidenName: Smith Driver Licence: AXXX-0XXX-2XXX IssuedState: IL DOB: 07-10-19XX CardType: Credit Cardname: John Q. Doe Cardnumber: 4782XXXX0660XXXX Expiry Date: 07-2009 CVV2: 1XX ATM Pin: 8XX0 BankName: Chase BankPhone: 800-228-8014 RoutingNumber: 0XXXXXXX3 Account Number: 7XXXXX3 Bun ------------------- The Romanian posted fifteen different blocks of personal information from fifteen different people, just as shown above. Yesterday afternoon, we at Firemeg.com began to call the individuals who appeared on the list - using the phone numbers provided by the Romanian. We were able to contact some of the individuals and alert them about the issue. Not one single solitary person on that list that we spoke to had been contacted by eBay regarding the matter, NOT ONE! We asked each person if they had been contacted by eBay regarding the matter....a unanimous "No." We asked if eBay had emailed letting them know about the issue....a unanimous "No." We asked them if they had received any sort of email from eBay at all...all but one person did NOT get an email from eBay yesterday about anything, but one person on the list did get an email "from eBay" that she said was prompting her to "change her password." No reason was given in this email for suggesting to change the password. The woman who received this email wasn't sure if it was a "phishing" email, because she had never heard of phishing before. We also asked if each person had an eBay account and it was a unanimous "YES."
So what, if anything, did each of the individuals on the list have in common? Three things: 1) each person is a registered user on eBay. 2) each had not used eBay in quite some time. 3) all had no idea what "phishing" is, or how to detect scam emails - in fact, they all "protected" themselves by sorting "junk" mail out and deleting it, keeping ONLY those emails that say they are from known individuals or businesses that they have dealings with (ie. such as eBay and Paypal).
All of those on the list that we spoke to, substantiated that ALL the info posted on the eBay discussion boards was correct, including bank account info, credit card info and social security numbers. One woman broke down and was near tears, if not fully crying, her voice trembling with each question she asked. She said that all information was correct and was current and that she was very scared. She couldn't even remember her eBay user ID or password. She said that she uses eBay during the holidays to buy gifts, and gets a new eBay ID each year because she ends up forgetting the password and/or username. She was terrified - I'm sure due in part to the little she has heard about identity theft. I gave her the number to eBay headquarters (1-408-376-7400) and suggested she call both eBay and her financial institutions and change as much info as she could. She seemed relieved that I had tried to help, but couldn't understand why she would need to contact eBay, since she hadn't used the account since December and likely would simply get another account next holiday season. I explained that scammers could use the account to defraud potentially thousands of people and gain even more sensitive information, and that any charges racked up by scammers on her account would ultimately be reflected on her credit report. (OT, but it must be said...think about this user next time you hear Meg Whitman giving a quarterly or annual report speech about the number of new users on the site).
So, did eBay have a responsibility to contact their users whose personal financial information had been exposed to the world on their site? Under California law it would seem that not only does eBay have a responsibility, but failure to do so is against the law. It would seem that the threat of exposure of recent hackings and misfeasance on eBay inc.'s part is of more concern to the company executives than the obvious malfeasance they have just taken part in by failing to contact the account-holders whose personal information was recently compromised on eBay.com.
As early as last summer, we heard users equating eBay to Enron - lately we're seeing this on a daily basis from many sources. So is eBay heading down the same path? Insiders say yes. If current trends continue however, there may be even less warning of the impending collapse than the employees and shareholders at Enron had. Any company that is entrenched in scandal can absolve itself immediately by admitting to malfeasance, outlining a plan for rectification and show proof that the company is dedicated to following through. eBay has done none of this. Another tactic that is commonly used in conjunction with the said method of absolution is to name a scapegoat. Let the sins of the company crush the scapegoat, diverting attention away from the real culprits and away from the real intentions of the company. Using a scapegoat is basically a way to deal with an issue with less chance of reprisal from the community of employees and users and Wall Street.
Problem is, though, that Meg Whitman as of yet has failed to name a scapegoat, admit to any issues, and has her underlings in management issuing denials at light speed - despite enormous amounts of evidence that supports recent events as fact. Instead, eBay management has chosen to blame phishing - more specifically those poor (often naive or uninformed) individual users who have had the bad fortune enough to fall victim to such a scam. As politically incorrect as it may be, this is like "blaming the retarded kid for eating the paste." Those who have been scammed or had their accounts compromised very rarely have any idea of how it happened. Blaming them for being naive is easier and cheaper than restructuring the security of a Fortune 500 online marketplace. So these poor souls are left standing in the road with their empty pockets and the burden of restoring their own good names following such attacks.
Recently Meg Whitman started accusing other online/information technology companies of such as banking institutions and others, specifically Microsoft and Yahoo!, of failing to prevent data breaches and failure in general of keeping security in cyberspace. Basically Whitman wants other online companies to prevent fraud on eBay by providing eBay with information on recent scams and by preventing fraudulent ebay emails from ever reaching potential victims. It's always easier to pass the blame onto competitors and dedicated users than it is to point the finger at one's self and accept responsibility for failed policy and poor security. Some other blogs that have picked this story up are The Consumerist, OTHATSWHY.
WOW!!!
On a side note: I read somewhere at TCWL (www.thecarwashlive.com) owned by an Actor named Alan Polonsky (Toolbox Murders inc.) that TCW had a way of directly reaching Meg Whitman regarding important "netcop" matters. Might be worth looking into, in the Future, sometime.
-- Edited by Cyber Diva at 14:47, 2007-03-12
__________________
“There is a destiny that makes us all brothers: None goes his way alone.
What we put into the lives of others,
comes back into our own.”--Edwin Markham
virusesrus wrote: Why do you bunch of dumb f*cks care what happens on Ebay ?
None of you use it !!
Probably because they are exporting their "trash" to the rest of the Free World, perhaps? Fruitcake!
__________________
“There is a destiny that makes us all brothers: None goes his way alone.
What we put into the lives of others,
comes back into our own.”--Edwin Markham
Virus, just so you know, I was an ebay member, buying and selling with more than a couple IDs since 1999.
The stuff that I sold was not dollar store garbage. But like many, I will not bend over and hold out my wallet, then get kicked in the teeth on top of IT.
I contend that ebaY treats IT's members not unlike an abusive spouse treats his/her inferior, and the kool-aid slurping ninnyhammers are not unlike the enablers in the scenario.
-- Edited by anonymous at 04:05, 2007-03-10
__________________
CAPP Consumers Against PayPal Policies - Exposing the sleazery of sleazebay and painpal
So Richard did the same thing he did about a week or two ago regarding the new PS feedback removal rules and the associated PS that was discussed?
Seems like our over the pond cousins might benefit from an ongoing thread here for safe haven.
I will tell you that the pinks on this side show a much more genuine interest in the T&S issues and problems that members have on the site. I wish you could enjoy the same, but alas we're not willing to give ours up.
Caped~
__________________
“There is a destiny that makes us all brothers: None goes his way alone.
What we put into the lives of others,
comes back into our own.”--Edwin Markham