An unknown user was offering the data of 14 million Amazon and eBay customers’ accounts for sale on a popular hacking forum. The data appears to come from users who had Amazon or eBay accounts from 2014-2021 in 18 different countries.
The database was being sold for $800 and the accounts are divided into their respective countries. The leaked data includes the customer’s full name, postal code, delivery address, and shop name, as well 1.6 million phone records.
The post author has now closed the sale, after two copies were reportedly sold.
Use our personal data leak checker now to see if your email address has been exposed in previous leaks.
The post author provided five database entries as a sample of the leak:
At the moment, it is unclear how the post author acquired the data. CyberNews has not been able to independently verify nor confirm that the data definitely are from Amazon or eBay for the time period listed, 2014-2021.
An Amazon representative informed CyberNews that they investigated the claims and that there was no evidence of any data breaches.
This appears to be the most likely case, that neither Amazon nor eBay suffered any breaches on their end. Instead, the threat actor probably used a popular method of password spraying to acquire these credentials. Essentially, password spraying is a type of bruteforce attack by which an attacker tries to get into a large number of accounts by using a small number of commonly used passwords.
Should you be concerned?
Fortunately, the database does not seem to include very sensitive data, such as payment details, national ID numbers, or even email addresses.
However, the data currently put up for sale is still potentially sensitive, and it can be used for various purposes, such as doxxing users by revealing private information (such as sensitive products they don’t want anyone to know about) on a public form. Cybercriminals can also use the data for spam-list building or business intelligence purposes.
Whenever this happens – and leaked data occurs far more often than we’d like – it’s important for anyone who may be affected by this leak to:
- Check if their data has been leaked by using a service like CyberNews’ personal data leak checker, which currently has more than 15 billion records
- Change your passwords immediately. You should be using a unique password for each account you create. To help you with, use a trusted password manager that can create really strong passwords you don’t need to remember
- Watch out for suspicious emails, as they may be phishing attempts. Avoid clicking on links from suspicious emails
Nice
Called amazon yesterday about odd notation next to my name and list of purchase line.
Notations disappeared later in day. Person I spoke to at Amazon responded as is she was unaware of cause of notation but that my account was “ok”. Took a photo of the notations .
Any idea what was going on ? Your site is only one could find mentions this type of activity.
I was scammed by individuals claiming to represent eBay. They claimed my account was hacked by individuals in Mexico. They threatened and lied about the seriousness of the hacks which scared me. I lost $4000!.
Dumbass! You should have called ebay tocheck your account!
I wounder my personal information
This really makes me want to send EBay my SS # that they now DEMAND if I want to continue being a SELLER since they are doing away with PayPal . NOT HAPPY !!! Thanks a lot FEEBay …
Did you read the article or comprehend it? Do you understand how the data was retrieved? Because it was not an eBay breach…
So says eBay and Amazon
My eBay account was suspended indefinitely out of the blue, contacted ebay they said they couldn’t tell me why and that there is nothing I can do,we need a better ebay like platform,that’s more secure and transparent,you can’t even talk to a customer service rep on the phone everything is all email and chat,shame on ebay I had 100% percent review and they gave no to chance to rectify what ever the problem was
I was hit, they got more than I thought they would. Probably going to take me a long time to recover. My passwords were very strong and changed frequently. Don’t let them victim blame you, they leaked your info by improperly securing it on their end most likely.
This really upsets me and this explains why money has been missing from my account . I’m also tied of my calls being answered by third world countries where it’s hard for me to understand them and when you ask to speak to someone in the USA they have a nerve to hangup on you I spend to much money with amazon and I’m going to cancel my member ship and shop somewhere else. And I don’t know why now customer service only offer 5dollars I’m tied of being offered pennies for my troubles.I’m so done with amazon.
These are fake companies run by our police state government. What do you expect? Just the Solarwinds attack alone — they compromised nearly every single cloud providers infrastructure — ALL of it! Guess who uses all of these platforms — pretty much every sector of our economy as well as about every non-profit organization. You don’t what you don’t own. And you can not secure what you don’t own either. Boycott these crappy companies. They are mining data on you even if someone else doesn’t steal it, they are directly.