- Details of 14 million accounts of eBay and Amazon users were sold to at least two hackers.
- The data includes full names and delivery addresses but no payment data or email addresses.
- The two e-commerce giants have not announced any major security incidents recently.
Someone is selling about 14 million user accounts belonging to the Amazon and eBay e-commerce platforms on a popular hacking forum. The affected users are from 18 different countries, while the coverage period ranges between 2014 and 2021.
The data includes full names, postal codes, delivery addresses, shop names, and phone records. The price tag for the full package was set to $800, and according to CyberNews investigators who followed the sale closely, two persons bought the offering, and the author closed the sale.
Judging from the sample that was provided by the seller initially, the data pack appears to include valid data, but the sample only listed five entries, which is a very small percentage. As for how the hacker acquired the data in the first place, this remains unknown.
Neither Amazon nor eBay has announced any major security incidents this year, so this could be data from password spraying or the compromise of a third-party tool linked with the user accounts. That would explain why the number is only a subset of the entire userbase of the two giants.
The sold data didn’t include payment details or user credentials, and not even email addresses. This makes the leak less damaging but not completely harmless. Doxxing remains a possibility, as the actors now know what users bought, who they are, and where they live. It would be fairly easy for hackers to also find the email addresses of most of these people, or they could even use post mail to extort them.
That said, you can take some precautions like resetting your password and using a unique and strong passphrase now. If you receive any weird emails informing you about this very security incident, be very careful and do not follow any links embedded in the message body. Already, some users are reporting seeing weird activity on their accounts, some claim to be missing money from their accounts, and others say they have been scammed, but we can’t be sure if there’s a connection between these reports and the sale of the data.
- US, UK, Russia Strictly Sanction Cryptocurrency Network That Helped Ruling Class Evade Sanctions - December 6, 2024
- Most investment decisions are driven by emotion, study says - December 6, 2024
- Binance dominates inflows in 2024 - December 6, 2024