Stolen eBay Database On Sale for Bitcoin is Fake

The news comes after e-commerce giant eBay fell victim to a sophisticated cyber attack that breached its database.

AccessTimeIconMay 23, 2014 at 10:40 a.m. UTC
Updated Aug 18, 2021 at 2:56 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Earlier this week it was revealed that e-commerce giant eBay fell victim to a sophisticated cyber attack and that its use database had been breached.

In the days following the attack a curious Pastebin posting appeared online, offering to sell eBay’s breached database for 1.45BTC. However, eBay insists the database on sale is not authentic.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • The hack

    The security breach has been described as one of the biggest cyber attacks of its kind in history.

    More than 230 million buyers and sellers have an account with eBay and the company is asking all of them to change their passwords. The number of active accounts is much lower, but at 128 million it is still very high indeed. As many as 145 million accounts were affected by the breach.

    Luckily PayPal accounts were not compromised. Although eBay owns the popular payments processor, the two systems are not interconnected and PayPal was not affected by the attack. However, there is a chance that some users chose to use the same credentials on both services.

    ebay, sign, logo, ebay headquarters, ebay california

    The stolen eBay data was hashed, so it might take the attackers quite a bit of time before they decrypt the database. The problem is that the attack took place a couple of months ago, but it was not detected or reported.

    Indecent proposal

    The Pastebin offer included a 3,000-row extract from the database, listing users in the Asia Pacific region.

    The extract allowed eBay to deduce that the offer was just a ploy to get free bitcoins from those who fell for it. An eBay representative told The Guardian that the published lists were checked for authenticity and eBay quickly concluded they were not authentic.

    The company says there is no evidence that the passwords were decrypted. The database was hashed and salted.

    — Ask eBay (@AskeBay) May 22, 2014

    Although the 1.45BTC offer is bogus and there is no evidence to suggest any of the passwords was decrypted, all eBay users are advised to change their passwords as a precaution.

    Historically, similar attacks have been used as fodder by some bitcoin proponents, as they expose the inherent vulnerability of centralised systems.

    For its part, eBay hasn't shut the door on the cryptocurrency entirely. Last month CEO John Donahoe said digital currency will play an important role in the future and confirmed that the company is considering enabling bitcoin payments via PayPal.

    Computer Image via Shutterstock

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.