eBay Addresses Vladuz Hacking Incident
By Ina Steiner
Rumors have been circulating since December that a Russian had hacked into eBay databases. Screenshots of discussion-board posts by eBay moderators that were composed and signed by "Vladuz" were posted by eBay members as proof that the hacker had accessed eBay email accounts. An eBay spokesperson did not respond to an inquiry made by AuctionBytes last month looking for information about the alleged hacking incident.
But a small group of eBay users kept discussing the Vladuz matter online. On Wednesday, eBay finally responded to an inquiry from the Register in the UK and acknowledged that someone had obtained access to a small number of eBay email accounts (http://www.theregister.co.uk/2007/02/20/ebay_conspiracy).
eBay spokesperson Hani Durzy told AuctionBytes on Wednesday that at no time did the fraudster have access to any member's personal or financial information. Durzy said a Romanian had obtained access to a handful of email accounts from some customer service representatives. The only information he had access to was information contained in emails, which did include some screenshots of some backend tools, Durzy said. Email servers are kept separate from servers hosting member data, he said.
eBay has a policy that prohibits employees from putting customers' financial information in emails, such as credit card numbers or social security numbers (street addresses do not fall under that policy, Durzy said, since that is already in the public domain). eBay customer service representatives are trained about what they can and can't put in emails.
Durzy claims the perpetrator was a "known Romanian fraudster" going by the handle Vladuz. "Our number one priority is to see him caught and locked up," Durzy said.
Over the past few weeks, eBay had removed multiple threads from its discussion boards in which members discussed the Vladuz incident, including on its German and UK sites. But users kept the pressure on eBay by discussing Vladuz on their own sites that sport such quirky names as FireMeg.blogspot.com, PheeBay.com and eBayMotorsSucks.com. Durzy said eBay forum threads were removed because they included the screenshots that had been obtained illegally. "We do not allow people to link to that information on our boards."
Asked why eBay did not address member concerns in the discussion boards, Durzy said it would not be appropriate for him to comment on a specific case, but said eBay makes decisions that are in the interest of the marketplace as a whole.
About the author:
Ina Steiner is co-founder and Editor of EcommerceBytes and has been reporting on ecommerce since 1999. She's a widely cited authority on marketplace selling and is author of "Turn eBay Data Into Dollars" (McGraw-Hill 2006). Her blog was featured in the book, "Blogging Heroes" (Wiley 2008). Follow her on Twitter at @ecommercebytes and send news tips to firstname.lastname@example.org.
You may quote up to 50 words of any article on the condition that you attribute the article to EcommerceBytes.com and either link to the original article or to www.EcommerceBytes.com.
All other use is prohibited.