Application security, Breach, Data Security, Incident Response, Malware, Phishing, TDR

More than 5,000 pirated eBay credentials found on web

A security researcher has stumbled across a mass listing of eBay login details saved to a Google cache.

Chris Boyd, director of malware research at FaceTime Communications, said he was investigating an unrelated phishing case when he made the unexpected find.

He uncovered the usernames, passwords and email accounts for 5,534 eBay users on the Google cache of a pastebin website -- a Wiki-like application that allows for the pasting of large amounts of text, Boyd told on Tuesday.

Screenshot of cache with stolen eBay credentials, with word count to show size of file (Source: FaceTime Communications)

One of the victims coincidentally shared the same last name as the phisher Boyd was investigating, which is how he came across the cache. (The original web page had been taken down).

The credentials likely were stolen through a phishing attack, he said. Most of the accounts were inactive, but a considerable number still were working.

Of the active accounts, many of the users had a low "feedback score," meaning they had not bought or sold many items on the auction website, Boyd said. Therefore, they likely were easier pickings for phishers.

"It's usually easier to phish one of those users or an inexperienced eBay user than one of the regulars," he said, adding that, in many cases, these users probably also use the same login details for their PayPal accounts. (eBay owns PayPal).

Boyd said he notified Google, which deleted the cache, and PayPal, who promised to secure the affected accounts.

An eBay spokesperson could not be reached for comment on Tuesday.

Criminals can use plundered eBay account details can peddle fake goods and appear like a legitimate seller, Boy said.

"It's one more level of deception...rather than using their own identities," he said.

Boyd added that was surprised by the number of login information, likely publicly posted by low-level criminals wanting to impress the operators of underground forums.

"It's just quite surprising the size of the see it in such a well organized bundle," he said. "To see a piece of data this large with no duplicates with a lot of accounts quite alive and kicking, it's quite worrying."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.