EcommerceBytes discovered that eBay customers' first and last names, the items those customers have purchased, and their product reviews were made publicly available on Google and Google Shopping. The leak of customer data occurred due to a flaw in the feed eBay provides to Google. After EcommerceBytes alerted eBay and Google of the privacy breach, Google masked the real names of eBay customers and all other users in the Product Reviews section of Google Shopping while eBay is reportedly working to resolve the security issue. The NJCCIC recommends eBay users remain vigilant as the personal information leaked may be used by threat actors to craft clever and convincing spear-phishing emails designed to trick users into divulging their account credentials or other sensitive information. The NJCCIC reminds users to never click links provided in unsolicited emails to visit websites requiring the input of account credentials and, instead, visit the account’s associated website by typing the legitimate address directly into the URL field of the web browser.

Data BreachNJCCICeBay