Stolen eBay Database On Sale for Bitcoin is Fake

Nermin Hajdarbegovic
May 23, 2014 at 11:40 UTC
Updated Feb 4, 2019 at 22:16 UTC

Earlier this week it was revealed that e-commerce giant eBay fell victim to a sophisticated cyber attack and that its use database had been breached.

In the days following the attack a curious Pastebin posting appeared online, offering to sell eBay’s breached database for 1.45BTC. However, eBay insists the database on sale is not authentic.

The hack

The security breach has been described as one of the biggest cyber attacks of its kind in history.

More than 230 million buyers and sellers have an account with eBay and the company is asking all of them to change their passwords. The number of active accounts is much lower, but at 128 million it is still very high indeed. As many as 145 million accounts were affected by the breach.

Luckily PayPal accounts were not compromised. Although eBay owns the popular payments processor, the two systems are not interconnected and PayPal was not affected by the attack. However, there is a chance that some users chose to use the same credentials on both services.

ebay, sign, logo, ebay headquarters, ebay california

The stolen eBay data was hashed, so it might take the attackers quite a bit of time before they decrypt the database. The problem is that the attack took place a couple of months ago, but it was not detected or reported.

Indecent proposal

The Pastebin offer included a 3,000-row extract from the database, listing users in the Asia Pacific region.

The extract allowed eBay to deduce that the offer was just a ploy to get free bitcoins from those who fell for it. An eBay representative told The Guardian that the published lists were checked for authenticity and eBay quickly concluded they were not authentic.

The company says there is no evidence that the passwords were decrypted. The database was hashed and salted.

Although the 1.45BTC offer is bogus and there is no evidence to suggest any of the passwords was decrypted, all eBay users are advised to change their passwords as a precaution.

Historically, similar attacks have been used as fodder by some bitcoin proponents, as they expose the inherent vulnerability of centralised systems.

For its part, eBay hasn’t shut the door on the cryptocurrency entirely. Last month CEO John Donahoe said digital currency will play an important role in the future and confirmed that the company is considering enabling bitcoin payments via PayPal.

Computer Image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.