AuctionBytes Blog
Covering auctions, collectibles and marketplace selling.

AuctionBytes Blog The AuctionBytes Blog has been giving a voice to online merchants since its launch in 2005. Named one of the world's top 30 blogs in 2008 by "Blogging Heroes." Weigh in with your thoughts on the joys and pitfalls of selling online.
Thu Dec 15 2011 06:58:26

eBay Seller Exposes Buyer Transaction Data on Website

By: Ina Steiner

Sponsored Link

eBay is getting a black eye in Australia today after it was learned that one of its sellers was in the practice of publishing detailed information about eBay customer transactions on his own website.

According to the Sydney Morning Herald newspaper, the seller going by the eBay User name "shahizanhashim" published  names, phone numbers, postal addresses, email addresses and details about what customers purchased on its website, leaving it unsecured for anyone to access via a Google search.

The newspaper said eBay was able to remove the website tropicalsale.com. But EcommerceBytes was able to retrieve eBay transaction data from the site that was cached in Google, including buyers' User IDs, Tracking Numbers, Date shipped, Dollar amount, Country, and Shipping status.

We also were able to find details about a buyer from Huntsville, AL who left a negative feedback for the seller after an unsuccessful attempt to deliver the package left it as "unclaimed" at the Huntsville post office. The buyer's name and address along with her correspondence with the seller was still available in Google's cache as of 6:30 am EST Thursday morning.

According to the sellers' website, they are a husband and wife team living in Malaysia and selling "tropical clothings such as caftan dresses, tops/tunics, batiks, tie-dye, sarongs and a lot other beautiful dresses" fulltime online.

The sellers told the Sydney newspaper they had stored eBay information on their website to access information easily when they traveled, because "eBay has limited functionality for us to track the records of our customers' needs." They said they didn't realize the website had been indexed by Google and, according to the paper, "thought they were the only ones who could access it as they were the only ones who knew the URL."

The sellers' eBay About Me page (also available through Google's cache) stated, "We are selling variety of clothings from tropical region. Clothings are more focused on women dresses; caftans, tunics, batiks, tie-dye and other designs."

eBay Australia told the newspaper no personal financial information such as credit card details were exposed and said the seller's account was in violation of its privacy policy and user agreement.




Comments (20) | Permalink

Readers Comments

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

by: Fed-up This user has validated their user name.

Thu Dec 15 07:51:35 2011

I wish there was a way to expose BAD buyers,

Ebay won't let us do it.

The Seller should be aware of the Bad buyers,
Yea, They have that Slap on the hand if they don't pay, They can do it as many time as they like,

Nothing a Seller can do about it, Or Even know about it,

YET, that bad Buyer can Trash a Good Seller.
It's such a same, that Ebay has lost so many GOOD Sellers,
To keep the Bad Buyers..

That is why we left over a Year ago.
Ebay can keep there bad buyers,

They seem pretty happy with them.

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

by: Lee Post

Thu Dec 15 07:56:24 2011

This one is hard to pin directly on eBay. If you are going to put sensitive information on your website, you should have a little knowledge about how to secure that data. I suppose its good that the seller wasn't accepting credit card number and posting those...

I will say, as a long-time seller, that eBay's tools leave a lot to be desired when it come to reports.

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

by: pete

Thu Dec 15 08:48:20 2011

Good for anyone who lets out into the public arena any scam buyers details...as eBay dont allow negative feeback what is the option available.....eBay is less and less relavant as each month goes by, this year has been wonderful for us with much less stress and higher profits......we are now only selling on Amazon

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

by: Mr Obvious

Thu Dec 15 09:17:38 2011

From the article at smh.com.au
"It's not just a lapse in security but a total absence of it," said Australian security expert at Sophos, Paul Ducklin.

Don't fret though ebay fans, there may be a pretty big ebay fraud brewing right here in the USA. Check feedback for Member t.j.electronics1

Looks ugly. Worthy of the national news imho

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

This user has validated their user name. by: Anonymous Annie

Thu Dec 15 13:11:36 2011

Exactly WHO shut-down the seller's web site?

Did eBay shut it down? Did they act unilaterally to do so? Was it with (or without) the seller's permission or cooperation?

If eBay did shut down the web site, I wonder who gave them the authority to do so?

I agree that the seller was negligent and incompetent... that the customer information should have never been made so vulnerable... and that the seller should have removed it right away.

Nevertheless, it's the SELLER'S responsibility to do so, not eBay's. The customer information and sale information now belongs to the customer, not eBay.

If eBay is so bold as to claim ''ownership'' of the seller's customer database... what's next? What is the dividing line? Where will eBay stop?

If eBay's false claim of ''ownership'' is not challenged here, then eBay will likely move forward and update the UA to prohibit Sellers from adding customer information to their database... or to prohibit Sellers from contacting the buyers (by mail or email) in order to drive existing customers to a non-eBay site.

Sorry, eBay... you are JUST A VENUE! (Remember?) You don't own our customer information.

Ultimately, this seller was foolish, naive, and grossly negligent. But his stupidity took place OUTSIDE of eBay, and eBay cannot rightfully claim any jurisdiction.

Call me cynical... accuse me of being paranoid... that's okay. I'm fine with that. The fact remains that this is a slippery slope that eBay will take advantage of.

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

by: fvh

Thu Dec 15 13:23:23 2011

According to their reasoning these folks were practicing "security through obscurity," Unwisely, I might add. For reasons obvious to most of us, this practice all but disappeared in the 90s.

However, I find eBay culpable in all this; If eBay's tools were more useful and if they let you keep your transaction & customer information indefinitely, this would never have happened.

Unfortunately, this incident will likely cause eBay to allow sellers even less access to their own buyers information.

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

by: massachusetts howler

Thu Dec 15 15:01:11 2011

That was unfortunate and if ebay allowed us to save data somewhere SAFE inside of ebay this would not have happened.
Now, here are some important numbers for us to really be concerned about.
This is how JD's PREFERED SELLERS are doing, let's strat with the WORST and go to the best.

HP: 91.7& Feedback
   1010 FB/1165 sales
   30 Nuetrals/105 Negs
(They are 100NEG/545 THIS MONTH.
They MUST lose TRS on the 20th!

DELL: 97.6% Feedback
     17714 Feedback
     13684 sales (this year)
     218 nuetral/331 neg
   
(Will they lose TRS on the 20th)?
Somebody CRUNCH it.

TOSHIBA: 98% Feedback
        663 Feedback
        654 sales
        7 nuetrals
        13 negatives

SONY: 98.5%
     572 feedback
     600 sales
     6 nuetral
     10 negative

DEWALT: 98.6%
       643 Feedback
       590 sales (this year)
       3 nuetral
       4 negative

I think we should ALL BE SCRUTINIZING THESE COMPANIES on the 20th.

TODAY The others are at:
Black & Decker: 30,380  sales/99.8% 134 nuet/59 negative
Barnes & Nobel: 99.5% 28221 sales/ 193 nuetral/160 negative
Skullcandy: 99.5%/ 93,445 sales/ 753 nuetral/ 428 negative
Eastern mountian Sports: 99.6%
Calvin Klein: 99.3%
FAO Schwartz: 99.4%
Brooks Brothers: 99.6%
Black & Decker: 99.8%
Barnes & Nobel: 99.5%
Skullcandy: 99.5%
Under Armor: 99.6%
Linksys: 99.2%
Toys r us: 99.2% 1526 sales/ 8 nuet/ 4 neg
Timberland: 99.7% 1526 sales/ 8 nuet/4 neg
Creative: 99.4% 347 sales/ 7 nuet/2 neg
Babies r us: 99.3%
Macmall: 99.3% 36,790 sales/ 238 nuet/245 neg
Jockey: 99.6/ 44485 sales/269 nuet/156neg

THESE are the numbers we should FOCUS ON this season.

Ebay's BUDDIES at Goldman are TRYING TO DEGRADE Amazon with BAD STORIES and PRESS on the Kindle and it is all HOGWASH. Goldman and JP MORGAN are all on JD's PAYROLL- Amazon is EATING Ebay ALIVE!
Don't be fooled!
Howler
(My prediction is taking longer than expected but the seperation of ebay and amazon will occur in the next week or 2 - WATCH- LOOK at Hewlett Packard- 100 NEGATIVES OUT OF 545 this month- THEY MUST LOSE TRS on December 20th- 91.7 FEEDBACK NOW and DELL is not far behind them- somebody CRUNCH the DELL #'s for us!!).

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

This user has validated their user name. by: Philip Cohen

Thu Dec 15 17:35:59 2011

Actually, for a change, it's not eBay's fault this time! The seller had not properly secured access to their own web site. Why would they have this data on their web site anyway? Very odd; still ...

eBay / PayPal / Donahoe: Dead Men Walking.

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

This user has validated their user name. by: Ming the Merciless

Thu Dec 15 23:31:57 2011

1. I've reported hundreds of phishing emails to ebay and PayPal over the years.

One sentence in their stock replies always stood out in my mind. It was something to the effect that "we are working hard to disable this site."

Not "to get this site disabled" like going through the host or domain provider to legitimately pull it down but taking it down themselves which is illegal without a court order and perhaps not even then would ebay be given the authority to do this.

2. Q. What difference does a high nunber of bad feedbacks and high percentage of low DSRs mean to Diamonds with permanent DSR overrides?

A. Nothing. They're exempt.

Does anyone seriously think ebay is going to remove HP's TRS status now that the Queen of Mean and Bain Pain Negged Meg Whitman is in charge?

3. As for TJ Electronics, ebafia may get around to NARUing after they've kicked a few more on and pop sellers off the site.

4. Goldman Sachs has a long and tarnished history with ebay going back into the 90s when Meg was doing her insider trading. Their relationship and that with ebay remain, shall we say, quite cozy.

Goldman Sachs has never liked Amazon because they've never like Jeff Bezos' business plans.

This country would be infinitely better off if the government took over Goldman Sachs tomorrow and began re regulating Wall Street as a whole.

5. I know nothing about Australian law, but I question whether ebay actually has legal standing in the publication of customer data.

Those customers whose privacy was compromised would have standing to sue in this country but would have to prove actual damages in this country.

It's also unclear to me whether this data wasn't meant for public consumption and merely improperly stored online or whether the ebay seller was retaliating against bad buyers.

Maybe Phil can keep us apprised of this case.

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

This user has validated their user name. by: Philip Cohen

Fri Dec 16 00:52:09 2011

I don't think there is a case. The seller is in Malaysia; the data apparently is about Australian buyers. From what I read the data was found and accessed by someone from a Google search; the data was never intended to be public; it simply was not properly secured, apparently. Regardless, as much as we would like to blame the "Pain from Bain" for everything, this is a balls-up that has got nothing to do with eBay—for a change!

eBay / PayPal / Donahoe: Dead Men Walking.

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

by: Tiffee Jasso

Fri Dec 16 01:36:34 2011

I like Meg Whitman and I think she will make HP a better company. I recently made a small complaint to HP and her people jumped right on it and took care of it immediately. Now that is service that I can appreciate. You can all hash over her rights and wrongs, however you wish, but when she ran Ebay it was a lot more profitable and easier for the small and part time sellers and we got equal search results along with the big boys.

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

This user has validated their user name. by: Tula

Fri Dec 16 02:04:11 2011

@Ming:
How much do you want to bet Ebay supports the new IP/anti-piracy bills currently in Congress? They read to me like the Vero program: vague and overreaching and a definite threat to small businesses running honest operations. All those big guys will use it like they do the Vero program to get around the first sale doctrine and interfere with their smaller competitors' businesses.

With regards to this particular issue, it sounds like the seller wasn't very savvy about web security and thought his web site was a good place to stash data for access while traveling.

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

by: Oh Really

Fri Dec 16 02:49:05 2011

''However, I find eBay culpable in all this; If eBay's tools were more useful and if they let you keep your transaction & customer information indefinitely, this would never have happened. ''

They do! I have the complete data of every eBay transaction I've done on eBay since 2001.

The tools are there but you have to use them.

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

by: DAC

Fri Dec 16 04:12:47 2011

It's just a publicity stunt. eBay is losing good sellers at an INCREDIBLE rate. This is just a public attempt at convincing prospective buyers that eBay is a safe to shop. However, everyone is well aware that EBAY is killing eBay, not a few inexperienced sellers.
We finally closed our ebay venue after 12 years, and we've never been happier! All our loyal customers followed us to our new site and sales have never been better!

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

by: frustrated This user has validated their user name.

Fri Dec 16 07:12:44 2011

Okay DOOUH, if they wanted to keep track of data on their sales, and didn't wanna risk a PC hard drive going bad, why didn't they just use Google Docs??

How incredibly STUPID.

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

by: Money

Fri Dec 16 07:49:44 2011

I find it very annoying that regardless of the subject of a letter, some posters get on their soapboxes and start ranting about irrelevant issues.  What does a seller stupidly posting customer data on a website have to do with Diamond DSR's?

If you have an issue, write Ina a letter, but please stop hijacking every issue with these ongoing rants.  

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

by: StillOn

Fri Dec 16 07:58:49 2011

"This one is hard to pin directly on eBay" "Actually, for a change, it's not eBay's fault this time!"
Then why is he still a member in good standing? He has not bee naru'd by ebay. His "ME" page with a link to his website is still on ebay. None of his feedback show "No longer a registered user". It appears he may still be able to buy . . . Oh Darn, I forgot, if ebay makes money off you they really don't care what you do as long as you don't get caught then it's do the least they can so they don't lose any more revenue than possible.

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

This user has validated their user name. by: Philip Cohen
Web Site

Fri Dec 16 14:40:50 2011

@ StillOn

This seller is not NARU's probably for the same reason that eBay rarely NARU’s a seller for shill bidding, a criminal practice that is literally rampant on eBay auctions, and that eBay has always effectively and knowingly aided and abetted before and after the fact. eBay is effectively a criminal organisation, they care nothing about you, all they want is your money.

PayPal claims PayPal Is Not a Payments Processor!
http://forums.auctionbytes.com/vbulletin/showthread.php?t=24148

eBay / PayPal / Donahoe: Dead Men Walking.

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

by: wow just wow

Thu Dec 22 11:04:20 2011

the TropicalSale.com people are stupid and deserve to lose their business. This would have happened no matter which site they were selling on. Who out there thinks Google can't index your site because nobody but you knows the URL? That's like thinking you're invisible because you close your eyes, put your hands over your face, and can't see anyone else.

eBay Seller Exposes Buyer Transaction Data on Website   eBay Seller Exposes Buyer Transaction Data on Website

by: AgendaSwallowsAll

Sat Dec 24 13:42:56 2011

Anonymous Annie, you must have misunderstood. eBay owns everything, if you don't believe it just ask 'em.



Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.