'Copy' of stolen eBay data, including Singaporeans' particulars, on sale

A supposed copy of a stolen database from auction website eBay, said to contain the personal data of millions of users, including Singaporeans, has come up for sale online. -- FILE PHOTO: REUTERS 
A supposed copy of a stolen database from auction website eBay, said to contain the personal data of millions of users, including Singaporeans, has come up for sale online. -- FILE PHOTO: REUTERS 

Unknown person uploads sample of database, claiming to have all information

A supposed copy of a stolen database from auction website eBay, said to contain the personal data of millions of users, including Singaporeans, has come up for sale online.

The offer of sale was uploaded on Pastebin, a text storage website used mainly by programmers, last Thursday - a day after eBay raised the alarm about a breach of its corporate network.

An individual with the username "kbcdpfa" offered "a sample dump of 12,663 users" from the Asia-Pacific region and claimed to have the information of all of eBay's 145 million users worldwide.

The user did not name a price for the database, but claimed that "there is no guarantee you will get the same thing from other sources".

The leaked information includes names, encrypted passwords, e-mail and postal addresses, phone numbers and dates of birth.

The Sunday Times found at least 15 Singapore addresses and phone numbers listed and confirmed that three of these belong to Singaporeans. But those contacted by the paper said that they were not eBay users.

"I don't shop online and have also not used the e-mail address listed for some time," said technician Tan Siew Meng, 50. "But I am worried because this is very personal information that can be used for the wrong purposes by others."

A school's staff member, who wants to be known only as Mr Chua S.C., said his school's information technology team called him up yesterday morning when it was alerted to the breach.

"They advised me to change the password of my work account and I immediately went to change that as well as that of my PayPal," said the 63-year-old.

Mr Chua is not an eBay user, although he uses eBay's online payment subsidiary, PayPal, to pay for sporting events.

eBay had said on its corporate website that it has found no evidence that the personal or financial information of PayPal users were being accessed, nor customers' financial or credit card details.

When contacted, an eBay spokesman said it has checked the list that was published online and confirmed that those were not real eBay accounts.

"We do not want to speculate how people got those numbers but those are not authentic eBay accounts," he said.

"We encourage users to go to eBay to change their passwords, especially if they are using the same password for other accounts."

Singapore's Personal Data Protection Commission said last Thursday that it was monitoring the situation closely.

It said people who believe their information has been stolen should lodge a report with the police to determine if an offence has been committed under the Computer Misuse and Cybersecurity Act.

jantai@sph.com.sg