Thank you for your assistance. As was suggested, I sent a report to Rob last night. I just hope it is read and action taken. The hacked site has been taken down so I send Rob the three lists of suspect eBay accounts in a ZIP file
I followed up on the URL which covered old territory but found something interesting under this page: Contact Us - Account Security http://pages.ebay.com/help/contact_us/_base/index_5.html?item=&topic=index_5&continue=Continue+%3E If you select the options Unauthorized account activity and The problem youre having with unauthorized account activity isnt listed you are sent to an open ended input form which appears to be the best option eBay offers online for reporting general account problems.
The idea of reporting compromised eBay accounts to the State of California is interesting. Other reporting organizations are the United States Secret Service (http://www.secretservice.gov/ectf.shtml) and the United States computer Emergency Readiness Team at (http://www.us-cert.gov/nav/report_phishing.html) who also have an Email reporting address phishing-report@us-cert.gov. I just might start copying US-CERT on all my Emails to spoof@ebay.com and spoof@paypal.com. The reports I send eBay/Paypal contain detailed information about the nature of the hack so they may be of interest to US-CERT.
I have also started copying the Abuse Email address of the registered owners of the hacked IP Address. I am finding that in many cases the IP Address owners are quicker at responding than eBay/Paypal. If you want a one-stop identification of the owner of an IP Address, try the Domain Tools WhoIs function (http://whois.domaintools.com/), which is better than ARIN as it supports international IP Addresses directly.
I am very surprised at the number of people who are apparently entering valid eBay accounts. If the passwords are also good, then eBay has a much bigger problem on its hands then I thought. People who enter expletives into phishing sites are doing the hackers a favor as they will then know what to ignore. A better strategy would be to makeup accounts and passwords which look reasonable, which would drive the hackers nuts. Better yet write an account/password generation and have it start feeding pure garbage into phishing sites. Note that there may be legal implications in doing this but it would be a fun project.
I have noticed that the hackers are using common tool kits for the phishing sites and it may be useful to start documenting these tools kits as we would then know where the harvested data is recorded. If you can get into a hacked site, look for files where the date/time stamps are being constantly updated. They do stand out but ignore the extensions which are most likely bogus. If you down load such files, be sure to change the file extension to .txt and remember that the end-of-line delimiter may be in a Unix format if you are using Windows.
Would eBay have any reason to ignore the existence of large lists of compromised accounts? I ask this because reporting exception conditions is difficult.
I will keep you posted on responses if any from eBay.
Another seemingly obvious lack of proper response by ebaY.
Ebay has had multiple, severe security issues recently, and is not being straightfoward, thus endangering consumers.
This video is posted because ebaY will not alert consumers, or even admit to any problems.
The info presented here would soon have hit the "memory hole"
Please conduct a little research. ebaY is now a very dangerous site, IMO.
There is no better place to start than right on ebay's own community discussion forums, in particular the "Trust & Safety" board. Look for a thread entitled, "Massive, worldwide, multiple user hijacks" It is quite a spectacle.
Constant and numerous reports of hijacked accounts, phishing through ebays own "my messages" system, pornograghic images and bogus redirected auctions everywhere, pharming and phishing pages linked to from nearly everywhere within the ebay website.
Also chilling examples of censorship, and denial of information which would serve to benefit the users, by alerting them to the obvious risks of even using, or continuing to use ebaY.
IMO, Ebay is HACKED! Search web for ebay + Vladuz.
Just shamelessly plugging my own lame video, and not letting this issue die.
Hmm... I notice that all of a sudden, in the last 1-2 weeks or so, plain, non embedded links to youtube videos have become embedded, as if by magic, in the strangest places too.