Stolen eBay Database On Sale for Bitcoin is Fake

The news comes after e-commerce giant eBay fell victim to a sophisticated cyber attack that breached its database.

AccessTimeIconMay 23, 2014 at 10:40 a.m. UTC
Updated Feb 9, 2023 at 1:24 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Earlier this week it was revealed that e-commerce giant eBay fell victim to a sophisticated cyber attack and that its use database had been breached.

In the days following the attack a curious Pastebin posting appeared online, offering to sell eBay’s breached database for 1.45BTC. However, eBay insists the database on sale is not authentic.

The hack

The security breach has been described as one of the biggest cyber attacks of its kind in history.

More than 230 million buyers and sellers have an account with eBay and the company is asking all of them to change their passwords. The number of active accounts is much lower, but at 128 million it is still very high indeed. As many as 145 million accounts were affected by the breach.

Luckily PayPal accounts were not compromised. Although eBay owns the popular payments processor, the two systems are not interconnected and PayPal was not affected by the attack. However, there is a chance that some users chose to use the same credentials on both services.

Shutterstock
Shutterstock

The stolen eBay data was hashed, so it might take the attackers quite a bit of time before they decrypt the database. The problem is that the attack took place a couple of months ago, but it was not detected or reported.

Indecent proposal

The Pastebin offer included a 3,000-row extract from the database, listing users in the Asia Pacific region.

The extract allowed eBay to deduce that the offer was just a ploy to get free bitcoins from those who fell for it. An eBay representative told The Guardian that the published lists were checked for authenticity and eBay quickly concluded they were not authentic.

The company says there is no evidence that the passwords were decrypted. The database was hashed and salted.

— Ask eBay (@AskeBay) May 22, 2014

Although the 1.45BTC offer is bogus and there is no evidence to suggest any of the passwords was decrypted, all eBay users are advised to change their passwords as a precaution.

Historically, similar attacks have been used as fodder by some bitcoin proponents, as they expose the inherent vulnerability of centralised systems.

For its part, eBay hasn't shut the door on the cryptocurrency entirely. Last month CEO John Donahoe said digital currency will play an important role in the future and confirmed that the company is considering enabling bitcoin payments via PayPal.

Computer Image via Shutterstock

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.