Ina Steiner EcommerceBytes Blog
News and insight focusing on ecommerce.
by Ina Steiner, Editor of EcommerceBytes.com
Mon Dec 11 2017 10:03:27

Google Masks Customer Names after Alerted to eBay Privacy Breach

By: Ina Steiner

Sponsored Link

After EcommerceBytes alerted eBay and Google to a privacy breach yesterday, the real names of eBay customers that had been displaying in the Product Reviews section of Google Shopping were replaced with dashes overnight.

In fact, Google has masked data in that field for all product reviews - not just for eBay-provided reviews, but for those provided by retailers like Target and product-review sites like ProductReview.com.au as well.

eBay did not respond when we reached out yesterday afternoon to ask if it was aware it was providing Google with product reviews that included customers' real names instead of user names. Nor has it responded as of this morning. 

Google, however, was immediately responsive, and asked us for more information. A spokesperson followed up last evening, asking, "Are you able to send other info about this issue? I'd like to send it to the shopping team so they have more info. They have your article but asked for addl detail."

By this morning, Google Shopping no longer displayed customer names or user names in product reviews.

Google aggregates product reviews from many sources - retailers, marketplaces, and product review services. In most cases when leaving product reviews, consumers prefer using handles or first name and the initial of their last name rather than their full, real names. And it's easy to see why many people would not want to publicly reveal information about the items they have purchased.

But security is another issue in addition to privacy concerns. eBay users should now be even more careful about emails that look like they come from the company. The information about eBay customers published on Google Shopping can be used by fraudsters to trick eBay users into providing passwords and confidential financial information in what's called "phishing" or "spoof emails" scams.

eBay advises users about how to recognize spoof emails: "Our emails usually greet you by the first and last name you registered on your eBay account, and your eBay username." This is information that fraudsters could have easily obtained through the eBay Product Review breach we uncovered.

Not only could fraudsters have harvested eBay customers' real names and matched them to their eBay user names (as we did yesterday), they also had information about what the buyer had purchased, making it even easier to trick people. In some cases, we were able to identify not only the real name and eBay user name of the customer along with an item they had purchased, but the city and state where they lived. 

If you received an email that looked like it came from eBay that included your real first and last name *and* information about a product (or products ) you had purchased on the marketplace, would you assume it was legitimate?

You can find more information about the breach in yesterday's EcommerceBytes blog post.




Comments (20) | Leave Comment | Permalink

Readers Comments

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

by: Deacon Blues This user has validated their user name.

Mon Dec 11 11:00:08 2017

Props to Google for acting quickly and decisively to resolve this issue. Ebay? (crickets chirping....)
 

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

by: b86fiero This user has validated their user name.

Mon Dec 11 12:03:03 2017

Huge thanks to Google for doing the right thing.

Bah Humbug to ebay for yet another privacy breach and the silence.

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

by: bpm This user has validated their user name.

Mon Dec 11 13:46:50 2017

"eBay did not respond when we reached out yesterday afternoon".... and "Nor has it responded as of this morning." How many times do we read that about Ebay? It's a company that truly does not give a you-know-what. Any other business would at least try to say something vaguely positive or (God forbid Ebay!) actually DO something.

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

This user has validated their user name. by: Ming the Merciless

Mon Dec 11 13:50:16 2017

Hey, if the ostriches don't admit it happened, then it didn't happen.

ebafia apologize? They'll find some way to blame it on sellers.

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

This user has validated their user name. by: iheartjacksparrow

Mon Dec 11 14:04:48 2017

Did anyone honestly expect that eBay would admit that they did something wrong? I'm amazed they didn't try to blame Google for the problem, because there's no way eBay's AI or other fancy programming could possibly be at fault, right?

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

This user has validated their user name. by: toolguy

Mon Dec 11 14:08:38 2017

Everyone's quick to blame eBay when in fact this could've been all GOOGLES fault!

It takes two to tango. . .

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

This user has validated their user name. by: toolguy

Mon Dec 11 14:23:24 2017

Google is the MOST intrusive company on the internet.

They track every thing you ever do.

Maybe eBay provides them this information for them to advertise and track you with the understanding Google will not reveal this information.

Maybe Google dropped the ball with privy info they pay eBay for. . .

Google is way more evil then Amazon & eBay combined!

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

This user has validated their user name. by: David Steiner

Mon Dec 11 14:48:22 2017

You have to have a little understanding about how a feed like this works...

Google allows many online retailers to feed product reviews. All retailers need to provide a consistent, uniform feed - either from an SQL, MySQL or some other type of database.

Google's feed is looking for specific fields to fill out a product review - User Name, Rating, Marketplace, Rating, Review, etc. If one of those fields is out of place, or misnamed, that could cause havoc.

Only eBay's feed was displaying actual user names. Once both companies were apprised of the situation, Google requested more information, and within a few hours, all user IDs were stripped from reviews.

Even properly functioning feeds were blocked from showing user IDs. Short of removing all product reviews, the only workaround was to eliminate the User ID field until the offending feed was corrected.

I think most Tango instructors would be able to figure out where to lay the blame.

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

This user has validated their user name. by: toolguy

Mon Dec 11 15:48:00 2017

David, you might want to look at Google again!

All reviews have been removed from every company!

All reviews have a - on them. . .

This leads me to believe Google is at fault on this one, not eBay!

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

This user has validated their user name. by: BuildingMyOwnSite

Mon Dec 11 16:05:03 2017

Ina Said:
“eBay did not respond when we reached out yesterday afternoon.....Nor has it responded as of this morning”

@toolguy said:
“Everyone's quick to blame eBay when in fact this could've been all GOOGLES fault!”

► The issue in the early stages of this disaster is, PUBLIC ACCEPTANCE OF THE PROBLEM, and announcement to all affected consumers that it is being handled with the UTMOST URGENCY!   Google acted upon DISASTROUS information.  Even upon notification by a respected industry news source, Ebay HAS  NOT DONE THAT.

Ebay is a mess of bad policy, and management, and once again shows, it can't get anything done right when it really counts!   JUST A SIMPLE ANNOUNCEMENT to begin with!  If Ebay were in charge we still wouldn't know about a subway bombing this morning, in New York.

@toolguy said:
“Google is the MOST intrusive company on the internet”
Google is way more evil then Amazon & eBay combined!

► AGREED.  But one difference, is that Google has SOME BRAINS & JUDGEMENT, somewhere in their DANGEROUS MONOPOLY.

David Steiner's response was perfectly written for what we know at this point.

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

by: gramophone-georg This user has validated their user name.

Mon Dec 11 16:34:14 2017

David- I'm surprised eBay hasn't piped up in an attempt to blame Google yet. They were probably all off for the weekend. We saw their sense of urgency during the last major data breach... three months later someone woke up... "Wha? Huh? Someone's been here?"

Is it any wonder Google gets fed up with eBay?

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

This user has validated their user name. by: toolguy

Mon Dec 11 16:46:33 2017

Here's an example of what Google is now showing. As you can see all companies have removed the ID and replaced it with a "dash"

This means Google was at fault. . .

https://www.google.com/shopping/product/6486559679583261184?q
=rivet+gun&biw=1704&bih=968&prds=hsec:reviews,paur:ClkAsKraX-UmiKwDC2k03eqbPK44bJPTee4jCcpkPsOucUsIH3-wWpN2RFZX_TI8vN7PdZ-B42KPuqz4DjLhKLR34qgQ16cwLDzmVjZVolQVnde8o8IUOIjW3hIZAFPVH70cXfVANxAK3a5DtYo4mZs8MnCyyg&sa=X&ved=0ahUKEwjVo-eB94LYAhVI6mMKHZ_1DuQQ9AIIuQMwEA

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

This user has validated their user name. by: David Steiner

Mon Dec 11 17:04:00 2017

Please do explain your reasoning. I'm fascinated...

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

This user has validated their user name. by: toolguy

Mon Dec 11 17:22:22 2017

eBay sells more then 1 feed to google.

Google used the WRONG feed last night and showed ebay's customers names

Now Google has taken the easy road out by removing all ID's from all reviews so there's no mistake like that again.

What it did show us is that eBay sells our names and and searches to Google.

I could be wrong but why would Google remove all ID's from all reviews as shown in my link?

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

by: P.Dorf This user has validated their user name.

Mon Dec 11 17:52:56 2017

@ David
I would like to know also about his reasoning.

To quote yourself:
"Even properly functioning feeds were blocked from showing user IDs. Short of removing all product reviews, the only workaround was to eliminate the User ID field until the offending feed was corrected."

See Tool, it's a workaround (for now)

@ Tool
To quote yourself:
"As you can see all companies have removed the ID and replaced it with a "dash""

You are implying that all the companies (not google) are replacing IDs with dashes. The offending feed was supplied by ebay.

You'd better hope google don't get p******d with ebay and remove them altogether

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

This user has validated their user name. by: toolguy

Mon Dec 11 18:01:32 2017

@P.Dorf

No, I'm saying Google removed all the ID's until they find out what really happened.

This could indeed be eBay's fault but it could also be Googles.

I just didn't like the way everyone jumped to conclusions that this was eBay's fault.

Google is a MONSTER when it comes to information. . .But as we all know eBay is far from perfect, so far it's almost frightening!

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

This user has validated their user name. by: David Steiner

Mon Dec 11 19:58:45 2017

Ahh, I see. That explains it then...

In any event, there is a new blog post with Google's statement.

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

by: Studiolines This user has validated their user name.

Mon Dec 11 23:48:44 2017

@toolguy You surmise that maybe eBay provides them this information for them to advertise and track you with the understanding Google will not reveal this information.
Doesn't this bother you to think Ebay would provide that info (against privacy policy)? At least it used to be.
What is to stop them from selling your name and info to anyone that would pay for it? I would imagine 68 million users info would be quite valuable. The algorithms they use to control search could be sufficiently adjusted to filter out any chunk of preferred user info based on any particular request.

Having already seen the way that Ebay handles the power they have over the financial well being of sellers as incredibly irresponsible, now it's apparent they have the same disregard for buyers.  

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

This user has validated their user name. by: toolguy

Tue Dec 12 12:04:47 2017

@Studiolines

Yes, it bothers me!

But I don't doubt for a second that eBay sells our information.

But eBay is no different then any other corporation, they seek revenue where ever they can get it.

Google and eBay are tied together with $$$$$ signs!

Perminate Link for Google Masks Customer Names after Alerted to eBay Privacy Breach   Google Masks Customer Names after Alerted to eBay Privacy Breach

by: Snapped This user has validated their user name.

Tue Dec 12 23:02:35 2017

Only one thing more dangerous than ignorance without information.  That would be ignorance armed with just a little bit of information.



Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.