eBay spokeswoman Nichola Sharpe announced that the company's security experts have determined that it's highly likely that whoever posted confidential information about 1,200 eBay members in the company's Trust & Safety discussion forum this week stole the data via an e-mail phishing scam and did not hack into eBay systems. eBay is working with law enforcement to take action against the fraudster, she said, while declining to answer whether the person has been identified or caught. Because the situation is delicate, eBay can't fully disclose the information it has gathered, she said.
eBay took the Trust & Safety forum offline about an hour after the fraudster began posting information like names, addresses, user IDs and, apparently, credit card numbers. Regarding the credit card numbers, eBay now knows they didn't belong to the affected members and is fairly certain that the numbers weren't valid at all. "We have reason to believe this data was falsified to cause public concern," Sharpe said. As part of its investigation, eBay has contacted the affected users by telephone.
News source: InfoWorld