Members Login
Username 
 
Password 
    Remember Me  
Post Info TOPIC: Fraudsters abuse eBay customer database


Top Poster

Status: Offline
Posts: 3757
Date:
Fraudsters abuse eBay customer database


Report of 12.09.2007 09:04

 Fraudsters abuse eBay customer database


German consumer protection site falle-internet.de reports that fraudsters have found a new trick (German text with screen shots) to cheat eBay users by exploiting functionality of the eBay API to gain access to customer data in the eBay database. The eBay API is available to sellers and external service providers and the members names must be known to be able to use them.

37342e3134312e3233312e3535?_RM_EMPTY_

Apparently, users receive mails with a "second-chance offer": a bidder who has been outbid by another bidder is offered the same product through a buy-it-now option. However, the apparent buy-it-now link in the e-mail does not lead to the eBay pages, but to a fake site.

If a user clicks onto the transaction button, he is led to a form on the Square Trade trading platform, where the data provided to eBay, e.g., the users zip code, city and e-mail address, are entered correctly. Fraudsters use various online tools on hacked web sites to exploit the eBay APIs to view this information. However, some of the tools mentioned by falle-internet.de are no longer available.

Unwitting users might not be able to resist this second chance to bid again and obtain the desired product, and so could be induced to accept such offers. eBay has responded to this problem : for bids that exceed 100 euros (around UK £66), member names are no longer disclosed except to the seller, who can view the list of bidders. According to falle-internet.de, existing tools can, however, help fraudsters to bypass this protection and continue to inspect the information. eBay advises users to ignore any second-chance offers unless the same e-mail has also been sent to the My Messages folder, and to complete all transactions through the eBay site.



__________________

Exposing the sleazery of ebaY and PayPal

 



Top Poster

Status: Offline
Posts: 3757
Date:

Data leakage with eBay -
Cheats have entrance to the company-owned data base and to read member data out


Alarm tendency with eBay: The members recognize that cheats can arrive at their data. They receive fraud offers directly to their E-Mail address and on a purchase completion side are led, on which its residence with postal zip code is registered as ship-to address already. Everyone can pick the data out, which knows the entrance address of this side; whether it this knowledge with fraudulent intention to use wants or - like members of fall internet.de - for the purpose of demonstration.

The data source different groups of cheats is well-known obviously, because they are already in the race: Members receive the fraudulent offers even, while the auction still runs. That is particularly annoying for honest salesmen, from who so the customers are removed. Delivery of a high requirement Sofortkauf offers arrive right after from all world in the E-Mail entrance ; in different languages cheats try to forestall the prospective customers to seals and the competition. One accesses directly the eBay data base, because even data of member accounts freshly put on are immediately observable. Tests show that also the members of the eBay management are not protected before the data selection:

(continues with screencaps and more report)

Original German language report



__________________

Exposing the sleazery of ebaY and PayPal

 



Top Poster

Status: Offline
Posts: 3757
Date:

One accesses directly the eBay data base, because even data of member accounts freshly put on are immediately observable. Tests show that also the members of the eBay management are not protected before the data selection:

 

00d1e5aa.jpg

 



__________________

Exposing the sleazery of ebaY and PayPal

 



Top Poster

Status: Offline
Posts: 3757
Date:

I seem to recall posting this related article earlier this year, within a day or two of it being published. Now there is a trail of dots to follow.

I recall at least one misguided person seeming to imply that Germany was some 3rd world country, and that only news reports in Englisch language were valid.
And I still recall that some trolls came here and did everything in their power to disrupt this humble board and stop the free flow of information unflattering to certain sleazy online auction giants once those stories started to flow.

Welll, it seems that those "members" all got themselves banned for cheating.

At least one of them went on to continue to stalk and harrass two or more of our beloved members here, along with other innocent people.

Well... now what sort of events have we witnessed since then?

Anyone want to come invade this board again?

Just humour me, why not dedicate a slew of stalking blogs, all with my fake names on them?

Be sure to include the moniker
"Cappnonymous" , don't forget to mention Youtube

I think everyone would just love that.

It has been a while since anyone attempted to divert traffic from any of my fine documentary vids, or even parody videos, to a disreputable chat forum with strong connections to stalkers and stalking boards in order to slam, indeed even attempt to shut down our humble board.

I wonder whether anyone wants to try that little stunt again?

blankstare.gif

Also does eBay theSicherheitsabteilung have an open window to the yard ?














-- Edited by budnonymous at 12:12, 2007-09-12

__________________

Exposing the sleazery of ebaY and PayPal

 

Page 1 of 1  sorted by
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse
Powered by ActiveBoard