Cybercrooks are offering to sell “stolen copies” of the leaked eBay database through an advert posted through Pastebin.
However eBay says the sale is fake. “We have checked all published data and so far none are authentic eBay accounts,”
Security experts, although far from certain, seem inclined to agree.
The dodgy seller is offering to sell the “full eBay database dump” with 145 million records on a non-exclusive basis for 1.453 BTC (or $750).
A sample lump purporting to contain the compromised details of more than 12,000 users from the APAC region has been uploaded through Mega. The validity of the data on sale is unverified.
The Mega sample contains name, email address and postal addresses. Passwords are hashed and not revealed.
Security expert Kenn White reported finding several of the leaked email addresses in existing dumps. Other security experts are also wary.
“It’s not yet been verified that these are legitimately eBay credentials, and it’s possible that a criminal has just spotted an opportunity to cash in on the attack with some other credentials dump they have,” said Trey Ford, global security strategist at Rapid7.