Suspect in eBay phishing scam arrested in Romania

A man allegedly broke into eBay systems after stealing employee log-in data through phishing scams

Romanian authorities have arrested a phishing scammer who broke into eBay systems and accessed confidential files, including data of eBay customers and their transactions.

Liviu Mihail Concioiu allegedly harvested log-in credentials from eBay employees through phishing scams and used the data to steal sensitive financial data, according to the Google translation of a statement from Romanian authorities.

All in all, the suspect allegedly victimized about 3,300 eBay employees through his phishing campaigns in 2009, and then accessed a database where data about eBay customers and their transactions is stored.

He then compromised the accounts of almost 1,200 eBay users through phishing sites. Along with other accomplices, he also withdrew about $US400,491 from Italian bank teller machines.

In a separate attack, the suspect disrupted the operation of eBay's auction marketplace. The total cost to eBay from the breaches and attacks amounts to about $US3 million.

Romania collaborated with U.S. Embassy agents in Bucharest, with Italian authorities and with eBay staffers on the investigation.

EBay, whose internal investigators have been working with authorities on the case since May 2009, called the arrest of Concioiu and his partners "a great victory" against Internet fraud.

"We are confident that the evidence will link these individuals to a series of online attacks and organized criminal activity. EBay remains committed to working collaboratively with global law enforcement agencies to protect our user community and to prosecute criminals," eBay's statement reads.

It's not clear what type of data on eBay merchants and sellers was compromised. An eBay spokeswoman didn't immediately respond to a request for more details about the case.

Join the CSO newsletter!

Error: Please check your email address.

Tags intrusione-commercesecurityebayinternet

More about eBayGoogle

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Juan Carlos Perez

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place