Following the recent breach of eBay’s user database where over 145 million records are believed to have been stolen, unconfirmed reports that the data is now for sale have been circulating.
A good example was up on pastebin, but has since been taken down. Someone was purportedly selling the records for 1.453 BTC (worth roughly $840). It promised “full ebay user database dump with 145, 312, 663 unique records” in exchange for sending the bitcoins to a certain address. It even included a link to sample dump showing what it says are data for 12,663 users.
Experts have weighed in and concluded fairly easily that the sample records are not authentic and by extension, the ad is not creditworthy. Aside from obvious oddities such as the ridiculously low sum being asked, a couple of experts simply tried registering e-mails from the sample records on eBay themselves. They worked. Like many online businesses, eBay accepts no more than one e-mail per an account, and thus these e-mail addresses could not have originated from eBay.
Legal Risk Factor Beneath Ripple’s Lawsuit from SECGo to article >>
In addition, the accounts in the sample seem to have all “originated” from a single database, even though separate databases are kept for different regions such as Great Britain, China and Australia.
A similar scheme occurred following the Linkedin breach last year. Apparently, the scammers are targeting security companies who may be tempted to purchase the data to test for its authenticity.
The Bitcoin world is no stranger to such leaks. Shortly after its collapse, MtGox’s database was reportedly hacked and users made off with phone numbers, addresses and passport copies of employees, in addition to other interesting artefacts. They too released a sample of their bounty to the public.