Exclusive: eBay removes page that exposed data

Following an inquiry from CNET, the e-commerce giant takes down a Web page that was being automatically filled in with other people's information.

This is the message that now appears on the eBay Web page that was leaking customer data last night.
This is the message that now appears on the eBay Web page that was leaking customer data last night. Click to enlarge.

eBay removed a page from its Web site that was leaking customer data after CNET inquired about the security issue.

Acting on a reader tip last night, CNET verified that an eBay Web page for sellers to order co-branded U.S. Postal Service boxes was exposing customers' names, addresses, e-mail addresses, and phone numbers. The site was automatically filling in a stranger's information when the page was accessed by a logged-in user.

eBay representatives did not respond to e-mails or phone calls from CNET last night. They did, however, take down the leaky Web page either late last night or early this morning.

After a call and e-mail from CNET this morning, eBay spokeswoman Johnna Hoff e-mailed this statement: "We are currently experiencing a technical issue that is impacting the functionality of the eBay-USPS box-ordering Web site. We have temporarily taken the eBay-USPS site down as we identify and resolve the issue. It is possible that fewer than 5,700 mailing addresses were inadvertently viewed by users coming to the site to purchase shipping boxes. We plan to contact the impacted users."

It remains unclear how long the Web page was leaking the information.

We will update this post as we get more information.

CNET's Josh Lowensohn contributed to this report.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Want affordable gadgets for your student?

Everyday finds that will make students' lives easier: chargers, cables, headphones, and even a bona fide gadget or two!