Fake Ebay password hashes sold by scammers

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Cybercrooks are offering to sell “stolen copies” of the leaked eBay database through an advert posted through Pastebin.

However eBay says the sale is fake. “We have checked all published data and so far none are authentic eBay accounts,”

Security experts, although far from certain, seem inclined to agree.

The dodgy seller is offering to sell the “full eBay database dump” with 145 million records on a non-exclusive basis for 1.453 BTC (or $750).

A sample lump purporting to contain the compromised details of more than 12,000 users from the APAC region has been uploaded through Mega. The validity of the data on sale is unverified.

The Mega sample contains name, email address and postal addresses. Passwords are hashed and not revealed.

Security expert Kenn ‪White reported finding several of the leaked email ‬addresses in existing dumps. Other security experts are also wary.

“It’s not yet been verified that these are legitimately eBay credentials, and it’s possible that a criminal has just spotted an opportunity to cash in on the attack with some other credentials dump they have,” said Trey Ford, global security strategist at Rapid7.

The following two tabs change content below.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

Leave a Reply