|Sat Oct 6 2007 21:00:40|
Hacker Vladuz Accesses eBay Servers, Suspends Accounts
By: Ina Steiner
eBay confirmed that a known fraudster had limited access to a very small number of eBay accounts on the eBay.com site and the company appeared to have reacted quickly to block him on Friday. eBay spokesperson Nichola Sharpe said, "At no point did the fraudster get any access to financial information or other sensitive information." In a strange twist, some users reporting the incident said they had been openly critical of a hacker calling himself Vladuz and had been suspended briefly during the incident.
Vladuz has been targeting eBay for at least 10 months and is believed to have been responsible for last week's posting of approximately 1200 eBay members' names, User IDs and addresses and unmatched credit card numbers to the eBay discussion forums.
The latest drama began unfolding Friday afternoon. One user explained that she received an email that said, "Stop saying sh*t stuff about me, a**hole" signed by vladuz. She tried logging in to the eBay discussion boards and received a message that she was suspended due to seller non-performance issues. (She does not sell on eBay.) She said of Vladuz, "I admit I had been less than complimentary about him on the boards."
Another user said he received an email which quoted something he had written on a board wishing Vladuz would get caught, with the message "Oh ya? f*** you."
Both said the sender wrote from the Google email account, "firstname.lastname@example.org."
Several other eBay users reported a similar incident in which they were unable to log in to the eBay site, though not all of them received an email purporting to be from Vladuz.
One user said his account was back up and running in 30 minutes, another said it was back up in 60 minutes. eBay's Nichola Sharpe said, "We have already secured and restored the affected accounts and are proactively calling the affected users to reassure them that their eBay account is secure."
This is the first time eBay has said that a hacker gained access to user accounts by means other than through phishing techniques. Sharpe said, "The fraudster did this by accessing externally visible servers not by hacking into the eBay site." eBay was not specific about the type of information the servers contained nor who had access to it.
In February, an eBay spokesperson had said of Vladuz, "Our number one priority is to see him caught and locked up." While Sharpe would not confirm Friday's incident was the work of Vladuz, some members seem to have no doubts.
A user who received a message from Vladuz and lost access to his account on Friday wrote to AuctionBytes, "There are so many members who despise eBay, legit reasons or not, that support Vladuz, I do not support what this hacker is doing. I don't care for his/her "stick it to eBay" attitude or the attitude of "attack" mode against members who do not support his combative, destructive behavior."