Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Friday, 3 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

eBay dismisses data sale, as research reveals it is fake

by The Gurus
May 23, 2014
in Editor's News
Share on FacebookShare on Twitter

Rumours circulated last night that the 145 million eBay records were available for sale for around £450.
 
A pastebin statement claimed to have the “full eBay database dump with 145, 312, 663 unique records” and asked for 1.453 in Bitcoin. The seller did not respond to an email sent by IT Security Guru.
 
Analysis by Kenn White, Rapid7 and Per Thorsheim determined the database to be fake, and eBay also confirmed that it was not genuine. Rapid 7 global security strategist Trey Ford, said: “It’s not uncommon for criminals to spot an opportunity to cash in on an attack by offering false credentials for sale. This happened with the LivingSocial breach too.”
 
The seller offered a sample database of 12,663 credentials, which Ford said offered matches between email addresses and a popular Malaysian web forum, which may point to the true source of these credentials. “We have no way to confirm how statistically representative the leaked APAC sample is of the broader dataset, or whether this site is the true source,” he said.
 
“While we don’t think the credentials on pastebin are from eBay, it is interesting to note that cracking the passwords in the sample that was shared would take considerable time. This is nothing like what we saw when LinkedIn was breached and the stolen credentials were quickly cracked due to only SHA-1 hashing being used for storage.”
 
Lysa Myers, security researcher at ESET, said: “The users that are shown in the sample would represent an odd subset of users for an international company like eBay. The price asked (1.45 Bitcoin) would seem to be astonishingly low for the data of 145 million users. Even if the sample is not in fact from the eBay breach, it could potentially be data could be from another company’s leak.”
 
Analysis by AppRiver found that those selling the database switched their Bitcoin wallet at least twice over the course of the night, with claims that the seller may be making efforts to diversify, or that this was a honeypot set by authorities to lure in would be buyers.
 
Jon French, security analyst at AppRiver, said: “If you search pastebin, there are a few posts similar to this one and some with people claiming they did it.
 
“This could be leaked data from another breach, or just a well made fake that was fed some good starting data. But there is a lot of unique information in the file, and it varies pretty well in things like the domains, names, and birthdays, so I assume it may be real at least in some sense.
 
“The complete file with all 145 million people looks like it would be around 22 gigs too, that’s big and sounds about right. The Adobe breach file was about 9 gigs (153 million users) but had probably about half the data per line.”
 
Stephen Coty, chief security evangelist at Alert Logic, said that analysis of the data found that the password was encrypted with a sha 256 algorithm and even if you salted them, it would still take years to brute force the passwords in this database.
 
“So you would have to change technique and start utilising rainbow tables and attempt to brute force weak passwords,” he said. “This is assuming they did not get the encryption keys while they were are on the network, but these types of details have not been released. There are a lot of valid companies on t
he list of domains in the downloadable file.”

FacebookTweetLinkedIn
Tags: eBayhackingsale
ShareTweetShare
Previous Post

Cyber Squared Inc. Announces Launch of ThreatConnect European Community

Next Post

ICO, Connecticut, Florida and Illinois set to investigate eBay

Recent News

london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information