Stolen eBay data up for sale – but is it really from eBay?



The UK website Telegraph reported today that they have discovered what may be the first attempt to sell identity information stolen from eBay sometime last February.

“Personal data in a format ‘consistent’ with the information stolen by hackers from eBay has been posted online in what is thought to be an underground advert hawking the details to identity thieves.

Related: FCC versus the Internet: Chairman Wheeler doesn't want to get it

“Information about 715 individuals are listed in a document posted online and seen by the Telegraph including full names, postal and email addresses, phone numbers and dates of birth – the same details which eBay admitted that it had lost.

“Most of the addresses appear to be in Malaysia and other South East Asian countries. None of the revealed records are believed to belong to UK or European users, although 17 million of the total records belong to Britons.”

I’m a bit suspicious about this story for a number of reasons. First, why only 715? eBay reported that the cyber thieves who breached their security earlier this year made off with something like 145 million records so why not publish a 1,000 or 10,000 or a million?

Second, why only addresses for people in Malaysia and South East Asia? Wouldn’t names and addresses for presumably wealthier Americans and Europeans be more attractive bait?

Related: So change your eBay and PayPal passwords already

Finally, the timing seems a bit too convenient. If the hackers had all those names and addresses for months why would they wait to leak just a handful of names the day after the eBay breach exploded across the news networks? Wouldn’t they have been trying to broker deals with other cyber criminals weeks if not months ago? And wouldn’t they try to make it a bit less obvious?

I think this is just a third-rate hacker (somewhere in Malaysia most likely) who cobbled together a quick list of people and organized the data so that it looked like the eBay data. I think it might be fake teaser data set out as bait in an attempt to scam the scammers. ‘See, we’ve got the data so let’s cut a deal for the rest of it.’

Or it could be a trap set up by some Malaysian cyber police force in an attempt to lure out those who would want to buy stolen identity records and they are just piggy-backing on the eBay story.



Guy Wright

Guy Wright has been covering the technology space since the days when computers had cranks and networks were steam powered. He has been a writer and editor for more years then he cares to admit. He has lost count of the number of articles, blogs, reviews, rants and books that he has published over the years, but he hasn’t stopped learning and writing about new things.


More

The Interview Will Finally Hit Theaters on Xmas

Terrorists can't kill the laughter

You Can't Kill Stan Lee

Marvel's Energizer Bunny still keeps going

Blackhat Capturing the Terror of Cyberattacks

Michael Mann could be right on time with his latest movie