Skip to main content

Hackers are trying to flog stolen eBay logins part deux

We've heard this before, of course, but a new source has emerged claiming that eBay login details are for sale on the online underground.

As you are no doubt aware, eBay suffered a major security breach towards the end of last month, with attackers compromising the auction site's database and making off with a wealth of user data including encrypted passwords (initially, eBay didn't believe any user details had been compromised, and was therefore rather slow to respond).

And it wasn't long before an advert appeared on Pastebin offering an alleged 145 million eBay records for 1.45 Bitcoins (just over £500). However, security experts jumped on this story and debunked it as a fake – somebody chancing their arm and trying to scam the would-be scam artists themselves.

Now, more evidence has emerged of the attempted sale of stolen eBay account details, this time uncovered by The Sun on Sunday (via CBR). The paper found a hacker who was offering 1,000 eBay logins for £25, or indeed "unlimited" logins for £2,100 (presumably their entire list). The source of these offers wasn't mentioned, and neither was any comment offered as to whether these were genuine account details for sale – or another scam effort, which there's every chance of.

That said, the account details are out there, and by now they're likely being sold somewhere. If you haven't already done so, as per eBay's (sluggish) advice, you need to change your password on the auction site to make sure a malicious third-party can't access your account. And if you've reused that password elsewhere, change it for those accounts, too.