DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

eBay Privacy Breach Exposes Customer Names on Google (Updated)

Posted on December 11, 2017 by Dissent

Ina Steiner reports:

In what appears to be a major breach of customer privacy, eBay is exposing customers’ real first and last names, as well as the items they’ve purchased, publicly on Google.

While the idea that your real name is exposed in a product review you left for a benign product like clothing or books is disturbing enough, Google is also displaying eBay customer names for sensitive purchases such as medical diagnostic tests – including pregnancy, drug, and HIV home testing kits.

A reader who provided EcommerceBytes with the news tip told us, “As both an eBay seller as well as being a buyer who has left product reviews for item that I have purchased on eBay, this new revelation is very disturbing to me. Furthermore what really scared me is the fact that with very little effort on my part I was able to match the reviewers actual name with their anonymous eBay user ID, by opening both the eBay product page and the Google Shopping product page in separate windows and placing them side by side.”

Read more on eCommerceBytes.

Update: It looks like Google masked what eBay exposed. But why hasn’t eBay responded? If they are sending out data that they shouldn’t be sending out, maybe an FTC complaint might get them off the dime? DataBreaches.net tweeted an inquiry to eBay and will update this if we get a response.

Update 2:  This would be funny if it wasn’t so pathetic.  Here’s is eBay’s response to the private message I sent them yesterday on Twitter;

Me: Has @ebay fixed the problem described here: https://www.ecommercebytes.com/C/blog/blog.pl?/pl/2017/12/1512941047.html … or should everyone who care about their #privacy just cancel their ebay accounts?

Them: Thank you for contacting eBay today, please take a few moments to rate your experience

They asked me to rate my experience of them never answering me? Seriously? I gave them the worst possible rating for never answering me at all other than to ask me to rate their service.

I also posted my query to them publicly in their timeline. And although their team has been online and answered many questions since then from others, they have not replied to mine at all.

In the meantime, I do not think I will be so quick to rate any sellers or products on eBay.

No related posts.

Category: Business SectorExposureOf Note

Post navigation

← National Capital Poison Center discloses ransomware incident
South Korea Imposes ~$55,000 Fines On a Crypto Operator for Security Failures →

2 thoughts on “eBay Privacy Breach Exposes Customer Names on Google (Updated)”

  1. John says:
    December 12, 2017 at 12:41 pm

    It appears eBay was rather quick to answer your problems, because the names are no longer there 🙂

    1. Dissent says:
      December 12, 2017 at 1:12 pm

      Appearances can be deceiving. Google removed the names/masked the problem. I still have not heard from eBay as to whether they have fixed the problem on THEIR end so that they are no longer sending the information to begin with!

      And it seems that you are with eBAY, so perhaps you could provide a real answer to that?

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges
  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.