An unknown user was offering the data of 14 million Amazon and eBay customers’ accounts for sale on a popular hacking forum. The data appears to come from users who had Amazon or eBay accounts from 2014-2021 in 18 different countries.
The database was being sold for $800 and the accounts are divided into their respective countries. The leaked data includes the customer’s full name, postal code, delivery address, and shop name, as well 1.6 million phone records.
The post author has now closed the sale, after two copies were reportedly sold.
Use our personal data leak checker now to see if your email address has been exposed in previous leaks.
The post author provided five database entries as a sample of the leak:
At the moment, it is unclear how the post author acquired the data. CyberNews has not been able to independently verify nor confirm that the data definitely are from Amazon or eBay for the time period listed, 2014-2021.
An Amazon representative informed CyberNews that they investigated the claims and that there was no evidence of any data breaches.
This appears to be the most likely case, that neither Amazon nor eBay suffered any breaches on their end. Instead, the threat actor probably used a popular method of password spraying to acquire these credentials. Essentially, password spraying is a type of bruteforce attack by which an attacker tries to get into a large number of accounts by using a small number of commonly used passwords.
Should you be concerned?
Fortunately, the database does not seem to include very sensitive data, such as payment details, national ID numbers, or even email addresses.
However, the data currently put up for sale is still potentially sensitive, and it can be used for various purposes, such as doxxing users by revealing private information (such as sensitive products they don’t want anyone to know about) on a public form. Cybercriminals can also use the data for spam-list building or business intelligence purposes.
Whenever this happens – and leaked data occurs far more often than we’d like – it’s important for anyone who may be affected by this leak to:
- Check if their data has been leaked by using a service like CyberNews’ personal data leak checker, which currently has more than 15 billion records
- Change your passwords immediately. You should be using a unique password for each account you create. To help you with, use a trusted password manager that can create really strong passwords you don’t need to remember
- Watch out for suspicious emails, as they may be phishing attempts. Avoid clicking on links from suspicious emails
More from CyberNews:
Minimize your online risks – choose the best VPN service
Watch F1 live stream in 2021 from anywhere in the world
Facebook data leak – 533M Facebook users’ personal data leaked online
Want more privacy? Try out secure emails – and send sensitive information safely
On Sunday Feb 21, 2021 my Amazon account was attacked by bad actors that went on a $$$ shopping spree. Amazon failed to protect my encrypted payment data and allowed criminals to acquire all kinds of expensive garbage. From Florida, to Kentucky and Minnesota. I immediately called both Amazon and my bank. My bank was extremely helpful, but Amazon is treating me, a customer since 1995. Yes, 1995 with disdain and are demanding that I pay for stolen items. Someone at Amazon needs to know what their customer service reps are doing to loyal customers. Does anyone know how to contact Andy Jassy (Jeff Bezos’ successor)? We are done with Amazon, and we spend a ton of money on their site. I just bought a damn $900.00 robotic pool cleaner. I have already found better prices on office supplies at Quill[.]com.
If Amazon wants a little war, they’ve found the right guy.
Not Happy…
Amazon allowed a person to change my email sign on and password because this person had my old cell phone number. This happened four days ago. I can no longer access my Amazon account that I had for 15 years. Amazon said they would get back to me in 1 to 2 business days.
The best part is, the person who accessed my account called me on my new cell phone number to tell me she was trying to order something and all of my information (credit card, address, phone number) came up and she did not understand why. She has full range of my account and Amazon has done nothing to help me. My tv has Firestick, but now I have to replace them with Roku, since I cannot access my Amazon account.
I as well had my ebay account shut down for no reason! 100% positive review with 1 purchase and forgot about the account for just over a year before logging back into it to find out it was shut down. As well as another above, they had no information on why the account was shut down, yet the info under my profile said about violations! What violations, the account was used 1 time and then went idol! Yet they allow sellers to email you directly spamming/ sending advertisements to you and unless you take action eBay won’t do shit! An item goes missing you can’t contact them as they won’t allow phone calls, then when you try to resolve it in the app or online on your account cause the item didn’t arrive, it tells you to wait few more day’s ( again after last day for arrival ) before you can open a dispute/ case! This eBay account was a backup I made as a just incase issue, but my main account is one I’ve dealt with all this other issues with eBay customer service.
Amazon has gotten bad lately about items not arriving on time with prime! In last not even month I’ve had I bet 10 items not arrive on time. Their site will show they still have the order at 1 of their hub warehouse yet they want to call usps to ask where and when the item will arrive! Then they want you to wait another 2-3 days for a prime order to arrive past the set delivery date promised when order was made! As buyers we need to get together and make these companies realize we are not happy with the service we are getting and want it fixed! We are who makes their pay checks possible with buying from them yet we get shit on! A class action lawsuit might just do the trick for both! Put a dent in their bottom line / pockets and maybe then they will realize how easy they can go under!
These are fake companies run by our police state government. What do you expect? Just the Solarwinds attack alone — they compromised nearly every single cloud providers infrastructure — ALL of it! Guess who uses all of these platforms — pretty much every sector of our economy as well as about every non-profit organization. You don’t what you don’t own. And you can not secure what you don’t own either. Boycott these crappy companies. They are mining data on you even if someone else doesn’t steal it, they are directly.
This really upsets me and this explains why money has been missing from my account . I’m also tied of my calls being answered by third world countries where it’s hard for me to understand them and when you ask to speak to someone in the USA they have a nerve to hangup on you I spend to much money with amazon and I’m going to cancel my member ship and shop somewhere else. And I don’t know why now customer service only offer 5dollars I’m tied of being offered pennies for my troubles.I’m so done with amazon.
I was hit, they got more than I thought they would. Probably going to take me a long time to recover. My passwords were very strong and changed frequently. Don’t let them victim blame you, they leaked your info by improperly securing it on their end most likely.
My eBay account was suspended indefinitely out of the blue, contacted ebay they said they couldn’t tell me why and that there is nothing I can do,we need a better ebay like platform,that’s more secure and transparent,you can’t even talk to a customer service rep on the phone everything is all email and chat,shame on ebay I had 100% percent review and they gave no to chance to rectify what ever the problem was
This really makes me want to send EBay my SS # that they now DEMAND if I want to continue being a SELLER since they are doing away with PayPal . NOT HAPPY !!! Thanks a lot FEEBay …
Did you read the article or comprehend it? Do you understand how the data was retrieved? Because it was not an eBay breach…
So says eBay and Amazon
I wounder my personal information
I was scammed by individuals claiming to represent eBay. They claimed my account was hacked by individuals in Mexico. They threatened and lied about the seriousness of the hacks which scared me. I lost $4000!.
Dumbass! You should have called ebay tocheck your account!
Called amazon yesterday about odd notation next to my name and list of purchase line.
Notations disappeared later in day. Person I spoke to at Amazon responded as is she was unaware of cause of notation but that my account was “ok”. Took a photo of the notations .
Any idea what was going on ? Your site is only one could find mentions this type of activity.
Nice