Stolen eBay data up for sale – but is it really from eBay?



The UK website Telegraph reported today that they have discovered what may be the first attempt to sell identity information stolen from eBay sometime last February.

“Personal data in a format ‘consistent’ with the information stolen by hackers from eBay has been posted online in what is thought to be an underground advert hawking the details to identity thieves.

Related: So change your eBay and PayPal passwords already

“Information about 715 individuals are listed in a document posted online and seen by the Telegraph including full names, postal and email addresses, phone numbers and dates of birth – the same details which eBay admitted that it had lost.

“Most of the addresses appear to be in Malaysia and other South East Asian countries. None of the revealed records are believed to belong to UK or European users, although 17 million of the total records belong to Britons.”

I’m a bit suspicious about this story for a number of reasons. First, why only 715? eBay reported that the cyber thieves who breached their security earlier this year made off with something like 145 million records so why not publish a 1,000 or 10,000 or a million?

Second, why only addresses for people in Malaysia and South East Asia? Wouldn’t names and addresses for presumably wealthier Americans and Europeans be more attractive bait?

Related: FCC versus the Internet: Chairman Wheeler doesn't want to get it

Finally, the timing seems a bit too convenient. If the hackers had all those names and addresses for months why would they wait to leak just a handful of names the day after the eBay breach exploded across the news networks? Wouldn’t they have been trying to broker deals with other cyber criminals weeks if not months ago? And wouldn’t they try to make it a bit less obvious?

I think this is just a third-rate hacker (somewhere in Malaysia most likely) who cobbled together a quick list of people and organized the data so that it looked like the eBay data. I think it might be fake teaser data set out as bait in an attempt to scam the scammers. ‘See, we’ve got the data so let’s cut a deal for the rest of it.’

Or it could be a trap set up by some Malaysian cyber police force in an attempt to lure out those who would want to buy stolen identity records and they are just piggy-backing on the eBay story.



Guy Wright

Guy Wright has been covering the technology space since the days when computers had cranks and networks were steam powered. He has been a writer and editor for many of the most influential publications over the years – publications that helped shape our current technological zeitgeist. He has lost count of the number of articles, blogs, reviews, rants, and books that he has published over the years, but he hasn’t stopped learning and writing about new things.


More

US Open ball boys get high-tech Ralph Lauren polo shirts

The fashion brand has added high-tech thread to the clothing it supplies US Open ball boys that can measure heart rate, breathing and stress levels.

Minnesota man builds 3D castle with 3D printer

Andrey Rudenko of Minnesota used a custom-built, cement-spraying 3D printer to print a 3D castle in his backyard.

Companies Struggle to Find Workers in U.S. With Basic Math Skills

Having spent time in several Asian countries over the years, I have learned a lot about why students from these countries excel in mathematics and related technical fields.