When the names and personal information of 1,200 eBay users, along with credit card numbers, suddenly appeared yesterday on eBay's Trust & Safety Discussion Board where public comment is shared, eBay responded by immediately shutting down the discussion board.
In the hours that followed, eBay's security team launched an investigation to determine whether the information on the 1,200 eBay users could be linked back to a hack of the eBay computer systems. Because some have questioned whether eBay was covering up a break-in, eBay is now undertaking to explain why it does not believe the incident is tied to any breach of its systems. EBay also is working to contact each of the 1,200 affected eBay users individually by phone to explain the situation to them.
"EBay's servers were not breached," said spokeswoman Catherine England, noting that eBay has determined the credit card numbers posted yesterday with the 1,200 eBay user names are not identical with credit card information that eBay stores.
"This credit card information was not associated with any financial information kept on file at eBay or PayPal," she said.
EBay doubts that these credit card numbers are valid, and research is supporting the idea it probably isn't, eBay stated today.
"This could be a variety of phishing or identity-theft scam," she said about the incident, noting that eBay has more than 241 million users worldwide. "We're often targeted by fraudsters and phishers."
EBay is in the process of contacting by phone each of the 1,200 users to notify them of the incident on the eBay Trust & Discussion Board, which has now been returned to service for its main purpose.
"To ensure the safety of our members, we are in the process of proactively contacting members by phone, so that if the information is valid somehow -- regardless how this fraudster acquired the information -- these members can take the steps they need to take to protect themselves," stated eBay spokeswoman Nichola Sharpe in an e-mail.
This story, "EBay Denies Security Breach Led to Data Posting" was originally published by Network World.