ThePhilips's Journal: eBay security conspiracy catches on with readers

Interesting RTFA - in comments from readers section - posted on ElReg.

One of the quotes:

It looks like the hacker gained VPN access to the internal eBay network. That, along with the fact that they don't stored hashed passwords but plain text ones is a very likely explanation of what is happening. So it's just plain old fashioned hacking which leads to disastrous results because eBay's bad security design.

Seems like eBay got itself compromised. I doubt that so much of eBayer computers' got 0wned. And the fact that crackers started immediately posting scam/auctions seem to point into direction of organized criminals who penetrate eBay's intranet or buy client accounts from its employees - to sell fitting account information to scammers. Original ElReg's story here is also worth reading. Quote:

A month later, Auction Guild was back, this time with evidence that a Romanian hacker going by the name Vladuz had developed and was circulating a sophisticated tool that reads confidential information residing on eBay's internal network, allowing attackers free reign of virtually any account and a trove of information that could be used in phishing attacks.

In short: stay away from such lucrative scam target as eBay.

P.S. Screen shots of the aforementioned tool from Vladuz.