Exclusive: eBay removes page that exposed data

Following an inquiry from CNET, the e-commerce giant takes down a Web page that was being automatically filled in with other people's information.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
This is the message that now appears on the eBay Web page that was leaking customer data last night.
This is the message that now appears on the eBay Web page that was leaking customer data last night. Click to enlarge.

eBay removed a page from its Web site that was leaking customer data after CNET inquired about the security issue.

Acting on a reader tip last night, CNET verified that an eBay Web page for sellers to order co-branded U.S. Postal Service boxes was exposing customers' names, addresses, e-mail addresses, and phone numbers. The site was automatically filling in a stranger's information when the page was accessed by a logged-in user.

eBay representatives did not respond to e-mails or phone calls from CNET last night. They did, however, take down the leaky Web page either late last night or early this morning.

After a call and e-mail from CNET this morning, eBay spokeswoman Johnna Hoff e-mailed this statement: "We are currently experiencing a technical issue that is impacting the functionality of the eBay-USPS box-ordering Web site. We have temporarily taken the eBay-USPS site down as we identify and resolve the issue. It is possible that fewer than 5,700 mailing addresses were inadvertently viewed by users coming to the site to purchase shipping boxes. We plan to contact the impacted users."

It remains unclear how long the Web page was leaking the information.

We will update this post as we get more information.

CNET's Josh Lowensohn contributed to this report.