DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

eBay Privacy Breach Exposes Customer Names on Google (Updated)

Posted on December 11, 2017 by Dissent

Ina Steiner reports:

In what appears to be a major breach of customer privacy, eBay is exposing customers’ real first and last names, as well as the items they’ve purchased, publicly on Google.

While the idea that your real name is exposed in a product review you left for a benign product like clothing or books is disturbing enough, Google is also displaying eBay customer names for sensitive purchases such as medical diagnostic tests – including pregnancy, drug, and HIV home testing kits.

A reader who provided EcommerceBytes with the news tip told us, “As both an eBay seller as well as being a buyer who has left product reviews for item that I have purchased on eBay, this new revelation is very disturbing to me. Furthermore what really scared me is the fact that with very little effort on my part I was able to match the reviewers actual name with their anonymous eBay user ID, by opening both the eBay product page and the Google Shopping product page in separate windows and placing them side by side.”

Read more on eCommerceBytes.

Update: It looks like Google masked what eBay exposed. But why hasn’t eBay responded? If they are sending out data that they shouldn’t be sending out, maybe an FTC complaint might get them off the dime? DataBreaches.net tweeted an inquiry to eBay and will update this if we get a response.

Update 2:  This would be funny if it wasn’t so pathetic.  Here’s is eBay’s response to the private message I sent them yesterday on Twitter;

Me: Has @ebay fixed the problem described here: https://www.ecommercebytes.com/C/blog/blog.pl?/pl/2017/12/1512941047.html … or should everyone who care about their #privacy just cancel their ebay accounts?

Them: Thank you for contacting eBay today, please take a few moments to rate your experience

They asked me to rate my experience of them never answering me? Seriously? I gave them the worst possible rating for never answering me at all other than to ask me to rate their service.

I also posted my query to them publicly in their timeline. And although their team has been online and answered many questions since then from others, they have not replied to mine at all.

In the meantime, I do not think I will be so quick to rate any sellers or products on eBay.

Related posts:

  • eBay hit with massive security breach, asks all users to change passwords (updated)
Category: Business SectorExposureOf Note

Post navigation

← National Capital Poison Center discloses ransomware incident
South Korea Imposes ~$55,000 Fines On a Crypto Operator for Security Failures →

2 thoughts on “eBay Privacy Breach Exposes Customer Names on Google (Updated)”

  1. John says:
    December 12, 2017 at 12:41 pm

    It appears eBay was rather quick to answer your problems, because the names are no longer there 🙂

    1. Dissent says:
      December 12, 2017 at 1:12 pm

      Appearances can be deceiving. Google removed the names/masked the problem. I still have not heard from eBay as to whether they have fixed the problem on THEIR end so that they are no longer sending the information to begin with!

      And it seems that you are with eBAY, so perhaps you could provide a real answer to that?

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.