Ina Steiner EcommerceBytes Blog
News and insight focusing on ecommerce.
by Ina Steiner, Editor of EcommerceBytes.com
Sun Dec 10 2017 16:24:07

eBay Privacy Breach Exposes Customer Names on Google

By: Ina Steiner

Sponsored Link

In what appears to be a major breach of customer privacy, eBay is exposing customers' real first and last names, as well as the items they've purchased, publicly on Google. 

While the idea that your real name is exposed in a product review you left for a benign product like clothing or books is disturbing enough, Google is also displaying eBay customer names for sensitive purchases such as medical diagnostic tests - including pregnancy, drug, and HIV home testing kits.

A reader who provided EcommerceBytes with the news tip told us, "As both an eBay seller as well as being a buyer who has left product reviews for item that I have purchased on eBay, this new revelation is very disturbing to me. Furthermore what really scared me is the fact that with very little effort on my part I was able to match the reviewers actual name with their anonymous eBay user ID, by opening both the eBay product page and the Google Shopping product page in separate windows and placing them side by side."

For every search we conducted, from cookbooks to medical test kits, all of the reviews on Google Shopping Product Pages that were provided by eBay.com displayed actual customer names and the date they left the review, while reviews from other online retailers, such as Target.com and Walmart.com displayed user IDs.

It's not likely that someone who purchased a medical diagnostic test on eBay name would be thrilled that their review might be read by family members, partners or employers. One buyer was clearly concerned about the privacy of his purchase, noting in his review of a test kit he'd purchased on eBay that he was pleased it had come in discrete packaging.

EcommerceBytes was also able to do some matching of real names and user names of product reviews on Google Shopping and on eBay; once we had the eBay user name, we could see what other reviews they left. If they also used their eBay account to sell items, we could see their location (usually city, state, and country).

It appears there is a flaw in the feed eBay provides to Google, and this not the first time that eBay has been accused of compromising users' privacy. In 2014, NYU researchers discovered that they could aggregate eBay buyers' purchases, and characterized it as a security breach - and that was when they had only the user names, not the actual names of buyers.

As part of the 2014 study, the researchers conducted a survey to gauge buyer expectations around privacy on the marketplace, they found nearly 39% preferred to make a sensitive or private purchase on eBay, "noting that they believed the site was a more discrete vendor than a physical store."

"Additionally, 38 percent of those surveyed believed that their purchase histories were visible to no one except them," the NYU researchers wrote. 

We can't overstate how troubling this breach of privacy is, and of all the developments that have caused users to be concerned about privacy over the years, this tops the list right next to eBay's massive data breach of 2014 when it forced 145 million users to change their passwords. 

We reached out to eBay and Google prior to publishing, a Google spokesperson said he would look into the matter. eBay as not yet responded.

Update (Mon Dec 11 2017 10:03:27): Google Masks Customer Names after Alerted to eBay Privacy Breach (link)

Update (Mon Dec 11 2017 19:46:04): Google Says eBay Is Working to Resolve Privacy Flaw (link)




Comments (32) | Leave Comment | Permalink

Readers Comments

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

by: FeelingFroggy This user has validated their user name.

Sun Dec 10 17:08:16 2017

Best preventive medicine for that problem DON'T BUY ON FLEECEBAY,

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

by: pace306 This user has validated their user name.

Sun Dec 10 17:58:37 2017

Whats DO NOTHING Devin's excuse NOW?

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

This user has validated their user name. by: BuildingMyOwnSite

Sun Dec 10 18:16:32 2017

   How MANY TIMES has this sort of stuff slipped out of Ebay.

   A couple of years ago,  Target did a “SIMILAR STUPID”.   The Forbes article below is FANTASTIC READING, about HOW Target figured out she was PG, and what is done with our data, WHETHER we give it up freely on “Registries”, Warranty Forms, and Doctors Offices.  OR from BASIC STUPID, inept, inexperienced Ebay & Google Employees.  OR from Hackers.  OR from Poorly written code as previously seen on Ebay.

How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did  
OR
“Target knows before it shows”.

   An angry man went into a Target outside of Minneapolis, demanding to talk to a manager:      “My daughter got this in the mail!” he said. “She’s still in high school, and you’re sending her coupons for baby clothes and cribs? Are you trying to encourage her to get pregnant?”

   The manager didn’t have any idea what the man was talking about. He looked at the mailer. Sure enough, it was addressed to the man’s daughter and contained advertisements for maternity clothing, nursery furniture and pictures of smiling infants. The manager apologized and then called a few days later to apologize again.

   On the phone, though, the father was somewhat abashed. “I had a talk with my daughter,” he said. “It turns out there’s been some activities in my house I haven’t been completely aware of. She’s due in August. I owe you an apology.”

https://www.forbes.com/sites/kashmirhill/2012/02/16
/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/#573f8ddf6668

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

This user has validated their user name. by: toolguy

Sun Dec 10 18:21:13 2017

Sure enough!

Real names on eBay reviews on Google shopping!

But on eBay you don't see real names, just ID's, wonder Google is showing them?

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

This user has validated their user name. by: BuildingMyOwnSite

Sun Dec 10 18:28:28 2017

Given how a SMALL, and innocent amount of information Target was able to turn into a fairly reliable pregnancy predictor.....

And how MUCH info Ebay, Etsy, Amazon, Google have about us.....

What do you think they really do with it, and how safe is it.....

Will they help you get your LIFE BACK when your ID is stolen???

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

by: Studiolines This user has validated their user name.

Sun Dec 10 21:14:21 2017

The Worlds Top programmers are at it again. Way to go Ebay, that should finish off  any legit customers desire to buy on the site. Must be time to change the TOS / user agreement to cover this faux pas .

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

by: Studiolines This user has validated their user name.

Sun Dec 10 21:15:56 2017

Maybe they will include a free lifelock subscription for everyone.  

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

by: b86fiero This user has validated their user name.

Sun Dec 10 21:27:58 2017

While I personally don't give a hoot if my name appears with a product review I wrote, if I wrote it I own it, I have to wonder how badly the immediate angry backlash from those who prefer to fly under the radar is going to affect ebay in the near future.

The long term is anybody's guess.  Is this the final straw?  How can a company that has so little respect convince its members once again that it can be trusted?  

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

by: donald This user has validated their user name.

Sun Dec 10 21:27:58 2017




What can you expect from a greedy, inflexible (I mean stupid), handicap, mediocre and incompetent company?



Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

by: ebayout This user has validated their user name.

Sun Dec 10 21:30:13 2017

ebay may have to take on an assumed identity...

"Harvey" would be a great choice.

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

by: Ichabod This user has validated their user name.

Sun Dec 10 21:58:18 2017

I am pretty sure this has been going on for the last couple of years, maybe longer, but about 3 weeks ago I started noticing that my sales totals, the ones at the top of the seller hub page, next to your user ID, were not going up, no matter how many sales I made. Either that or I would deliver 15 packages to the PO and maybe a week later my total would go up by one or two points. About 3 weeks ago I wrote down my total and kept track. I sold 7 items one week and my "sold" column showed 4 sales even though all seven were in the 'all orders' section. My sales total did not go up at all. The next week I sold 4 items and got credit for 2 of them even though they were all in the "all orders" section and my sales total didn't go up at all. The month of December, so far, I have sold only 3 items (thanks ebay) and I got credit for two of them and my sales total has gone up two notches. This might not matter and I realize that this is peanuts for most of you on here but ebay recently took away my top rated seller status, citing too many returns in the home and garden category. The top rated seller status afforded me, usually, a couple hundred extra free listings every month. I don't get those since they took that away and I am wondering, if they can't keep track of how many sales I have made, did they jury rig the numbers in order to raise how much commissions I pay and to take away the free listings? To me it seems that they are either dishonest, incompetent, lazy, or stupid, or some combination thereof. And now you tell us about this breach of info, it looks more and more like they are dishonest. Sad to say, they are still the best market available but I HATE, HATE HATE HATE doing business with liars and thieves. It galls me to have to pay them anything, considering how badly this site is run. And the most ironic part of all of it is that they would make more money and do more business and make more money and do more business and make more.............if they were honest. It's everywhere these days I guess. Thank God I am old and will be dead in a few years. :-) Merry Christmas everyone.  

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

by: Tiffee Jasso This user has validated their user name.

Sun Dec 10 22:04:46 2017

Simple answer. Keep your mouth shut and don't review anything even dog food.  

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

by: Studiolines This user has validated their user name.

Sun Dec 10 22:20:42 2017

@Ebayout  I vote "  Felicia  "

Bye Felicia

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

by: ebayout This user has validated their user name.

Sun Dec 10 22:21:17 2017

@Ichabod
Totally agree...I've done well on ebay, but I've reached the point where I WILL cut off my nose to spite my face...it'll be a battle with myself to list anything that gives them anything over $5 in a FVF. Luckily, I have but a few high dollar items left, but a bunch of under $15. Once those are gone, it's AMF.

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

by: Studiolines This user has validated their user name.

Sun Dec 10 22:24:25 2017

@B86fiero
If your reviewing highend electronics or jewelry, might not be to nice to have your name and city. The Grinch might come see you before Christmas.

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

This user has validated their user name. by: toolguy

Sun Dec 10 22:54:03 2017

@Studiolines

Where is the city mentioned?

https://www.google.com/shopping/product/551467338195
8571085?q=Instant+THC+Marijuana+20ng/mL&biw=1704&bih=968&prds=hsec:reviews,paur:ClkAsKraX9aG8lolLfvrl77evVrQ6Qp6nIttkn8i-rSAOaLkUNomGpmdWfn9lSZaIauhw7bYGuTfw0ck8QKt8BllLkS9-9uChur2GoTm3EElGSN0S77m0rpMfxIZAFPVH72M8TfZOEwiEYkdCDwc-v9NAgLUaA&sa=X&ved=0ahUKEwju1Jazh4HYAhVU8mMKHbGxAB4Q9AII6wIwAg

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

This user has validated their user name. by: toolguy

Sun Dec 10 23:52:59 2017

Looks like eBay & Google have corrected the problem!

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

This user has validated their user name. by: Marie

Mon Dec 11 02:40:23 2017

Froggy

This has nothing to do with purchasing on Ebay.  To avoid this problem, don't leave product reviews.  That doesn't excuse Ebay for this breach at all.  I'm only saying that the act of buying on Ebay has nothing to do with the problem described in the article.

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

This user has validated their user name. by: Marie

Mon Dec 11 02:55:12 2017

@ichabod
It is possible that your Seller Hub was having an issue reporting your sales on the SH, not that Ebay wasn't recording your sales.  The two are very different problems.  If your items were showing in your sold items, you should be just fine.  However I would report the problem you are seeing on your SH.

In your transaction counts, remember that that it only shows your US transactions.  International transactions do not show in your transaction counts on the US site.  You can go to your dashboard and click on "see monthly breakdown" and that will give you your transactions counts.  It is usually one or two days behind.

Losing your TRS status due to too many returns is an important issue.  For Ebay to count those returns against you, you must be allowing them to be escalated to a claim.  If you would take care of them in the Request stage, they will not count against your seller's stats.  You may want to review how you process Requests for returns to see if you can adjust how you handle these so that you can work toward regaining your TRS status.

Would you offer more information on this statement "The top rated seller status afforded me, usually, a couple hundred extra free listings every month." How do you get these?  I've been TRS for years and never gotten these, what am I missing?  

I think you may have some misunderstandings.  

As for this breach referred to in this article.  IMHO it is a serious one and Ebay needs to get this plugged up quickly and completely.  In the meantime, we can all protect ourselves by NOT leaving any product reviews.

Perminate Link for eBay Privacy Breach Exposes Customer Names on Google   eBay Privacy Breach Exposes Customer Names on Google

by: Studiolines This user has validated their user name.

Mon Dec 11 11:00:29 2017

@toolguy
per the article
If they also used their eBay account to sell items, we could see their location (usually city, state, and country).

Click to view more comments
1 2  [Next Page]


Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.