Ebay breach update: user details posted on Pastebin are 'fake'

Ebay Logo
One of the biggest cyber-heists of all time

Ebay has denied that details pasted on anonymous text site Pastebin that purportedly came from a stolen database were genuine.

A spokesperson told the Guardian that, "the published lists we have checked so far are not authentic eBay accounts".

The auction site suffered one of the biggest cyberattack of all time after a database of up to 145 million of its users was apparently stolen.

Someone provided a sample of more than 12,600 entries coming from a database of Asian-Pacific eBay users and containing their emails, names, phone numbers, data of birth and addresses.

Suspiciously cheap

The asking price for the entire database was 1.45 Bitcoin (or 1 Bitcoin for 100 million users); that's about £445 (US$750, AU$813). The list page on Pastebin has been viewed nearly 30,000.

Arguably not a lot for a database whose size is said to dwarf that of Adobe breach file at 22GB (compared to 9GB); that's small enough to fit on a cheap USB stick.

Security experts expect the number of fake eBay user databases on sale to rise significantly over the next few weeks (ed: it would be ironic if it ended on eBay).

It is also likely that the hack will trigger a flood of scam emails sent to eBay (and non eBay) users worldwide, urging them to change their passwords.

Desire Athow
Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.