Millions of Supposedly Amazon and eBay User Account Details Available for Purchase Online

  • Details of 14 million accounts supposedly of eBay and Amazon users were sold to at least two users.
  • The data includes full names and delivery addresses but no payment data or email addresses.
  • The two e-commerce giants have not announced any major security incidents recently.

Someone is selling about 14 million user accounts supposedly belonging to the Amazon and eBay e-commerce platforms on a popular hacking forum. The affected users are from 18 different countries, while the coverage period ranges between 2014 and 2021.

The data includes full names, postal codes, delivery addresses, shop names, and phone records. The price tag for the full package was set to $800, and according to CyberNews investigators who followed the sale closely, two persons bought the offering, and then the author closed the sale.

Source: CyberNews

Judging from the sample that was provided by the seller initially, the data pack appears to include valid data, but the sample only listed five entries, which is a very small percentage. As for how the hacker acquired the data in the first place, this remains unknown. It is even doubtful that this data really belongs to Amazon or eBay, or that it has derived from a security breach on them.

Neither Amazon nor eBay has announced any major security incidents this year, so this could be data from password spraying or the compromise of a third-party tool linked with the user accounts. That would explain why the number is only a subset of the entire userbase of the two giants.

Source: CyberNews

The sold data didn’t include payment details or user credentials, and not even email addresses. This makes the leak less damaging but not completely harmless. Doxxing remains a possibility, as the actors now know what users bought, who they are, and where they live. It would be fairly easy for hackers to also find the email addresses of most of these people, or they could even use post mail to extort them.

That said, you can take some precautions like resetting your password and using a unique and strong passphrase now. If you receive any weird emails informing you about this very security incident, be very careful and do not follow any links embedded in the message body.

REVIEW OVERVIEW

Latest

How to Watch The Real Housewives of New Jersey Season 12 Online From Anywhere

Get ready for new plot twists, exploding tempers, and a lot of tension in a new season of The Real Housewives of...

How to Watch Chicago Blackhawks Games Online Without Cable

The Chicago Blackhawks are one of the most widely known teams in the NHL, with a lot of history and a fanbase...

How to Watch Pam & Tommy Online from Anywhere: Release Date, Cast, Plot, & Trailer

This biographical drama series surrounds the infamous controversial '90s tape of Motley Crue drummer Tommy Lee and then-wife actress Pamela Anderson that...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari