Hacker Vladuz Accesses eBay Servers, Suspends Accounts

by: shebuysbluesky

Thank you so much for reporting this story and for being able to gain confirmation from eBay. I am one of those whose eBay accounts (user Id shebuysbluesky) was affected on Friday Oct 5th. I was not surprised as I had already been convinced that the events of Sept. 25th did indeed show that Valduz or someone did have access to perform functions that reveal flaws in the eBay platform. I did not receive any email from the party responsible. (Not that I really want or need one thanks.) I suspect he was reading the thread at that particular moment and as I was one of those posting he chose to demonstrate some of what he was capable of doing.

I am very impressed that you were able to gain admission from eBay of what transpired. Thanks

by: sandypurins

Does anyone know why Vladuz is unhappy with eBay?

by: DOC

Interesting that eBay admitted Vladuz had access to a small number of accts. And they have blocked him from doing so again..

BUT.. eBay has been saying that since February and obviously has not been able to do block his unauthorised access to confidential member details.

If Ma would have invested the money she threw away on Skype in security we probably would not be reading this now!

I have lots of Vladuz screen captures over on the scams page. www.ebaymotorssucks.com

by: bugsmom55

eBay needs to stop wasting its time ''enhancing'' stuff and start securing its site, starting with getting some REAL user ID verification in place.  The site is full of scammers and hackers and people get ripped off right and left, there is nothing resembling customer service there (except the unpaid volunteers in the Answer Center), and all eBay cares about is making money no matter who gets hurt in the process.  Their whitewash of this incident is just another example -- don't admit anything happened because it might AFFECT THE FEES THEY COLLECT.  Never mind that someone could lose thousands to this hacker.

Vladuz' methods may be inexcusable but his contempt of eBay is understandable.

by: malmute35

I cannot get into e-bay or my ebay account is this the work of Vlqaduz?

by: dimes

What the hell is an "externally visible server" and why is our personal information on it?  

by: dimes

What the  hell  is an "externally visible server" and why is our personal information on it?  

by: dimes

What the [i]hell[/i] is an "externally visible server" and why is our personal information on it?  

by: dimes

What the  hell  is an "externally visible server" and why is our personal information on it?  

by: dimes

What the hell is an ''externally visible server'' and why is our personal information on it?  

by: dimes

You'd think after all those tries I'd have figured out how to italicize 'hell'.  But no.

by: 0ctavia

I do believe eBay are being economical with the truth.

But WOW, finally they actually admit to it being hacking not phishing, now that is headline news.

But, of course, knowing the disinformation there has been in the past from eBay spokespersons, it must have been a major intrusion into the system or they would still be sticking with the line of 'you must have given out your details'.

And isn't it also worrying that so-called "limited access" is all that's required to start NARUing the eBay members you have a grudge against in an obviously targeted attack?

by: Alex

''What the  hell  is an ''externally visible server'' and why is our personal information on it?''

A LEASED external server. It's another one of eBays dirty little secrets. They don't even own all of the servers the site operates on. Can't afford it, I guess...

Space is leased from other entities.

Not the most secure way to operate...

by: 0ctavia

ROFLMAO Hey Alex, maybe Vladuz OWNS the servers ;-)

by: GiovanniV666

ebay lied to the affected members. They told them it was an accident.

Do you trust a liar with your personal and financial data?

How many falsehoods is that now from ebay over this and closely related issues?

by: Retarce

I appreciate your fact based reporting of this story.

I was one affected by this incident, I suffered finacial loss due to the actions of Vladuz.

I received a email from Vladuz.

I have not received a call from eBay, I spent hours obtaining help from other eBay members (Thank you, you know who you are!), under my buying ID, and finally contacted 'Live Help' security before my account was restored.

Simply put, I openly made comments that were not in support of Vladuz's actions and he clearly wanted to send me a message.

This has not changed my mind about his mentality, it has only confirmed what I knew to be the truth...

Vladuz is no Robin Hood.

I and other eBay members wouldn't wish this ordeal on anyone, because no one deserves to be attacked in this manner.

So, if you're attacked by Vladuz in the future, there are many wonderful, intelligent and connected eBay members who will help.

by: "Jane"

I was also affected by this. I received and email from eBay in my messages as well as in my email account associated with that eBay ID. I'm using a different email and "name" here since I don't wish to be a target. I was not selling on this account and don't have any financial information listed under that eBay IDs info. It was a pain however having to change passwords etc. to get access again. I have not as yet checked my other eBay ID though. Keep me in your prayers!

"Jane"

by: Gail

Thank you for getting an admission of sorts from eBay, Ina.  Nichola Sharpe's response still begs the question: How can this hacker suspend eBay user accounts without accessing eBay's servers? Can our accounts be manipulated through these 'visible external servers'?

Aren't eBay's chat boards, discussion forums, blogs, groups, etc. all on external servers?  When we enter eBay's 'community forums', just how much of our account information transfers to these 'visible external servers'?

On September 17th, eBay announced ''A Single Sign In for Community Forums & the Rest of eBay''.  This is the default setting, and has to be opted out in Preferences. I opted out, and I'll no longer post in any of eBay's forums.

I sure hope your forums are not on a 'visible external server', Ina.

by: flunkee

Catching up to all of this folks.

Found myself locked out of my ebay account yesterday, after having not logged in for a couple weeks time. Found it strange that I needed to reset the password to get in - was not an easy one to hack.

Then found that I had received a ''A26 TKO NOTICE: Restored Account'' alert form letter in my ebay inbox.

Looked for activity on all my credit/bank accounts.  Nothing unusual.  I did find a slew of form-letter ''Question'' emails, (that I of course never generated), in my ebay sent items box though.  All dated 9/25 with the message below, (have deleted the name what I assume would be some kind of scam website so as not to disseminate further).

I would have thought of reporting it to ebay, but after hearing what is really going on, not sure that would be of any help whatsoever.

Curious if anyone else with the same/similar experience on 9/25?  My ebay username did not show up in the list of possibly compromised accounts that I've seen posted on the web.


=======================================

Dear friend
Welcome to www.(deleted).com ! We are one of the largest electronics distributors and wholesalers in beijing, China. We offer qualified digital products: motorcycles ,tv,notobooks,phones.psp,projectors,gps,dvd,dv,dc,mp3/4,musical instruments,toys,watches and so on, which are of world famous brands, such as sony, ibm, philips, nokia, dell and so on. All our items are brand new friom the manufactures and they come with 1-3 years' after service. These days we are expanding our overseas market, and every item is sold in extremely low price. Such chances should never be missed, ladies and gentlemen, do come to www.(deleted).com ! you will surely have a big surprise! We are looking forward to hearing from you!
my website : www.(deleted).com
Welcome to talk in MSN: (deleted)@hotmail.com

by: flunkee

Argggghhhh.  I missed one ref to the wesite in the last post.

!!!DO NOT GO TO THE WEBSITE MENTIONED IN MY LAST POST - POSSIBLY A SCAM WEB SITE!!!!

If anyone can get that infomation pulled down please do so!!!