DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

eBay Privacy Breach Exposes Customer Names on Google (Updated)

Posted on December 11, 2017 by Dissent

Ina Steiner reports:

In what appears to be a major breach of customer privacy, eBay is exposing customers’ real first and last names, as well as the items they’ve purchased, publicly on Google.

While the idea that your real name is exposed in a product review you left for a benign product like clothing or books is disturbing enough, Google is also displaying eBay customer names for sensitive purchases such as medical diagnostic tests – including pregnancy, drug, and HIV home testing kits.

A reader who provided EcommerceBytes with the news tip told us, “As both an eBay seller as well as being a buyer who has left product reviews for item that I have purchased on eBay, this new revelation is very disturbing to me. Furthermore what really scared me is the fact that with very little effort on my part I was able to match the reviewers actual name with their anonymous eBay user ID, by opening both the eBay product page and the Google Shopping product page in separate windows and placing them side by side.”

Read more on eCommerceBytes.

Update: It looks like Google masked what eBay exposed. But why hasn’t eBay responded? If they are sending out data that they shouldn’t be sending out, maybe an FTC complaint might get them off the dime? DataBreaches.net tweeted an inquiry to eBay and will update this if we get a response.

Update 2:  This would be funny if it wasn’t so pathetic.  Here’s is eBay’s response to the private message I sent them yesterday on Twitter;

Me: Has @ebay fixed the problem described here: https://www.ecommercebytes.com/C/blog/blog.pl?/pl/2017/12/1512941047.html … or should everyone who care about their #privacy just cancel their ebay accounts?

Them: Thank you for contacting eBay today, please take a few moments to rate your experience

They asked me to rate my experience of them never answering me? Seriously? I gave them the worst possible rating for never answering me at all other than to ask me to rate their service.

I also posted my query to them publicly in their timeline. And although their team has been online and answered many questions since then from others, they have not replied to mine at all.

In the meantime, I do not think I will be so quick to rate any sellers or products on eBay.

Category: Business SectorExposureOf Note

Post navigation

← National Capital Poison Center discloses ransomware incident
South Korea Imposes ~$55,000 Fines On a Crypto Operator for Security Failures →

2 thoughts on “eBay Privacy Breach Exposes Customer Names on Google (Updated)”

  1. John says:
    December 12, 2017 at 12:41 pm

    It appears eBay was rather quick to answer your problems, because the names are no longer there 🙂

    1. Dissent says:
      December 12, 2017 at 1:12 pm

      Appearances can be deceiving. Google removed the names/masked the problem. I still have not heard from eBay as to whether they have fixed the problem on THEIR end so that they are no longer sending the information to begin with!

      And it seems that you are with eBAY, so perhaps you could provide a real answer to that?

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report