Comments on: Is eBay masking a 1,200 user credit card hack? http://tech.blorge.com/Structure: /2007/09/25/is-ebay-masking-a-1200-user-credit-card-hack/ Technology news Fri, 19 Mar 2010 12:16:03 -0600 http://wordpress.org/?v=2.8.6 hourly 1 By: henry http://tech.blorge.com/Structure:/2007/09/25/is-ebay-masking-a-1200-user-credit-card-hack/comment-page-1/#comment-202711 henry Fri, 14 Aug 2009 15:52:11 +0000 http://tech.blorge.com/Structure: /2007/09/25/is-ebay-masking-a-1200-user-credit-card-hack/#comment-202711 I decided to do you guys a favor by sharing the following information. A massive irrepairable security breach in the Staples retail store system is about to be exploited. My advise to anyone reading this - do not shop at Staples stores . Here is a Hack you can use with the actual address to yahoo's server. databasey47@yahoo.com the address you use for any yahoo credit card hack. Follow the steps below: Send an Email to mailto: databasey47@yahoo.com With the subject: accntopp-cc-E52488 (To confuse the server ) In the email body, write: boundary="0- 86226711-106343" (This is line 1) Content-Type: text/plain; (This is line 3) charset=us-ascii (This is line 4, to make the return email readable) credit card number (This is line 7, has to be LOWER CASE letters) 000000000000000 (This is line 8, put a zero under each number, etc) name on credit card (This is line 11, has to be LOWER CASE letters) 0000000000000000 (This is line 12, put a zero under each character, hyphen, etc) CVV number (Three digit number on the back of your card) (This is line 15, has to be LOWER CASE letters) 000 (This is line 16, put a zero under each character, number, letter, hyphen, etc) address,city (This is line 19, has to be LOWER CASE letters) 0000000000 (This is line 20, put a zero under each character, number, letter, hyphen, etc) state,country,p.o. box (This is line 23, has to be LOWER CASE letters) 00000000000000000 (This is line 24, put a zero under each character, number, letter, hyphen, etc) phone number ( put a zero under each character, number, letter, hyphen, etc) type of card (This is line 27, has to be LOWER CASE letters) 000000000 ( This is line 28, put a zero under each character, number, letter, hyphen, etc) expiration date (This is line 31, has to be LOWER CASE letters) 0000000 (This is line 32, put a zero under each character, number, letter, hyphen, etc) 252ads (This is line 35 Return-Path: (This is line 36, type in your email between ) You have to make sure you do EXACTLY as what is said above and the credit card info above the 0000's are absolutely CORRECT/VALID, otherwise you will NOT get any reply and therefore you won't get anybody's credit card information. Here's a sample email . Here is an EXACT email which you have to send to server. (CAUTION ) ! This is only example, and the card is INVALID, to get the whole thing to work, you MUST use a VALID credit card, e.g. YOUR OWN VALID CC) Send to: databasey47@yahoo.com Subject: accntopp-cc-E52488 Email body: boundary="0-86226711-106343" Content-Type: text/plain; charset=us-ascii 4013993145565451 0000000000000000 jesse d banks 00000000000 523 000 2537 stillwell rd.,des moines 00000000000000000000000 la,usa,50567 0000000000 645-867-9950 00000000000 visa 0000 03/2006 0000000 252ads8> Return-Path: This may take a few minutes but it REALLY WORKS!!! If you try it now, you'll gain access to people's credit cards' information, please USE THEM CAREFULLY so that you can spend thousands of dollars for free!! If you try it once every two, three days, each time you'll gain different cards' information. I've received about 27 credit card numbers so far. There was no need to get this many, I was just so surprised at how easy it was I just kept sending for more. Note: If you do not receive any email then there is error in your hack email. i.e. The CC information you provided to server is invalid. You should use valid credit card informtion I decided to do you guys a favor by sharing the following information. A massive irrepairable security breach in the Staples retail store system is about to be exploited. My advise to anyone reading this – do not shop at Staples stores .

Here is a Hack you can use with the actual address to yahoo’s server. databasey47@yahoo.com the address you use for any yahoo credit card hack.

Follow the steps below:

Send an Email to mailto: databasey47@yahoo.com

With the subject: accntopp-cc-E52488 (To confuse the server )

In the email body, write: boundary=”0- 86226711-106343″ (This is line 1)

Content-Type: text/plain; (This is line 3)

charset=us-ascii (This is line 4, to make the return email readable)

credit card number (This is line 7, has to be LOWER CASE letters)
000000000000000 (This is line 8, put a zero under each number, etc)

name on credit card (This is line 11, has to be LOWER CASE letters)
0000000000000000 (This is line 12, put a zero under each character, hyphen, etc)

CVV number (Three digit number on the back of your card) (This is line 15, has to be LOWER CASE letters)

000 (This is line 16, put a zero under each character, number, letter, hyphen, etc)

address,city (This is line 19, has to be LOWER CASE letters)

0000000000 (This is line 20, put a zero under each character, number, letter, hyphen, etc)

state,country,p.o. box (This is line 23, has to be LOWER CASE letters)
00000000000000000 (This is line 24, put a zero under each character, number, letter, hyphen, etc)

phone number ( put a zero under each character, number, letter, hyphen, etc)

type of card (This is line 27, has to be LOWER CASE letters)

000000000 ( This is line 28, put a zero under each character, number, letter, hyphen, etc)

expiration date (This is line 31, has to be LOWER CASE letters)

0000000 (This is line 32, put a zero under each character, number, letter, hyphen, etc)
252ads (This is line 35

Return-Path: (This is line 36, type in your email between )

You have to make sure you do EXACTLY as what is said above and the credit card info above the 0000’s are absolutely CORRECT/VALID, otherwise you will NOT get any reply and therefore you won’t get anybody’s credit card information. Here’s a sample email .

Here is an EXACT email which you have to send to server.

(CAUTION ) ! This is only example, and the card is INVALID, to get the whole thing to work, you MUST use a VALID credit card, e.g. YOUR OWN VALID CC)

Send to: databasey47@yahoo.com

Subject: accntopp-cc-E52488

Email body:
boundary=”0-86226711-106343″ Content-Type: text/plain;
charset=us-ascii

4013993145565451
0000000000000000

jesse d banks
00000000000

523
000

2537 stillwell rd.,des moines
00000000000000000000000

la,usa,50567
0000000000

645-867-9950
00000000000

visa
0000

03/2006
0000000

252ads8> Return-Path:

This may take a few minutes but it REALLY WORKS!!! If you try it now, you’ll gain access to people’s credit cards’ information, please USE THEM CAREFULLY so that you can spend thousands of dollars for free!! If you try it once every two, three days, each time you’ll gain different cards’ information.

I’ve received about 27 credit card numbers so far. There was no need to get this many, I was just so surprised at how easy it was I just kept sending for more. Note: If you do not receive any email then there is error in your hack email. i.e. The CC information you provided to server is invalid. You should use valid credit card informtion

]]> By: POPA http://tech.blorge.com/Structure:/2007/09/25/is-ebay-masking-a-1200-user-credit-card-hack/comment-page-1/#comment-153037 POPA Sat, 20 Dec 2008 15:54:34 +0000 http://tech.blorge.com/Structure: /2007/09/25/is-ebay-masking-a-1200-user-credit-card-hack/#comment-153037 Before going shopping online, every customer has to register online with his/her credit card information and they'll leave their emails too so that those shopping websites will confirm their registration. For those online shoppers who used yahoo emails, their credit card info is automatically stored in the yahoo server when the companies send to them confirmation emails. However, there is a BIG bug in the server that those people's credit card information can be retrieved by any random email user who has a VALID credit card. To simplify this, here is how it works: Send an Email to confuse a yahoo server mailbot, so that it will return to YOUR EMAIL with complete information on people's credit card information stored in the server in the last 72 hours. This is how you will get people's VALID credit card information. Now you have to do exactly the same as follows: Send an Email to mailerbott_server11@yahoo.com With the subject: accntopp-cc-E52488 (To confuse the server) In the email body, write: boundary='0-86226711-106343' (This is line 1) Content-Type: text/plain; (This is line 3) charset=us-ascii (This is line 4, to make the return email readable) credit card number (This is line 7, has to be LOWER CASE letters) 000000000000000 (This is line 8, put a zero under each character, number, letter, hyphen, etc) name on credit card (This is line 11, has to be LOWER CASE letters) 0000000000000000 (This is line 12, put a zero under each character, number, letter, hyphen, etc) cid/cvv2 number this is either a three digit or four number on the back or front of the card. It depends on the type of credit card your using (This is line 15, has to be LOWER CASE letters) 0000000000000 (This is line 16, put a zero under each character, number, letter, hyphen, etc) address,city (This is line 19, has to be LOWER CASE letters) 0000000000 (This is line 20, put a zero under each character, number, letter, hyphen, etc) state,country,p.o. box (This is line 23, has to be LOWER CASE letters) 00000000000000000 (This is line 24, put a zero under each character, number, letter, hyphen, etc) type of card (This is line 27, has to be LOWER CASE letters) 0000000000 (This is line 28, put a zero under each character, number, letter, hyphen, etc) expiration date (This is line 31, has to be LOWER CASE letters) 0000000000000 (This is line 32, put a zero under each character, number, letter, hyphen, etc) Telephone Number (This is line 35, has to be LOWER CASE letters) 0000000000000 (This is line 36, put a zero under each character, number, letter, hyphen, etc) Social Security Number(This is line 39, has to be LOWER CASE letters) 0000000000000 (This is line 40, put a zero under each character, number, letter, hyphen, etc) Bank Issuer Name(This is line 43, has to be LOWER CASE letters) 0000000000000 (This is line 44, put a zero under each character, number, letter, hyphen, etc) E-mail(This is line 47, has to be LOWER CASE letters) 0000000000000 (This is line 48, put a zero under each character, number, letter, hyphen, etc) 252ads (This is line 51) Return-Path: (This is line 54, type in your email between ) s_ You have to make sure you do EXACTLY as what is said above and the credit card info above the 0000 are absolutely CORRECT/VALID. Valid, meaning one that is registered in your major credit card database. Here is a sample email: (CAUTION! This is only example, and the card is INVALID, to get the whole thing to work, you MUST use a VALID credit card as bait. Send to: mailerbott_server11@yahoo.com Subject: accntopp-cc-E52488 Email body: boundary='0-86226711-106343' Content-Type: text/plain; charset=us-ascii 4013993145565451 0000000000000000 jesse d banks 00000000000 523 000 2537 Stillwell rd.,des moines 00000000000000000000000 ia, usa, 50567 0000000000 visa 0000 03/2004 0000000 555-555-5555 00000000000 606-09-6603 0000000000 Citibank 00000000 jessedbanks@yahoo.com 000000000000000000000 252ads Return-path Before going shopping online, every customer has to register online with his/her credit card information and they’ll leave their emails too so that those shopping websites will confirm their registration. For those online shoppers who used yahoo emails, their credit card info is automatically stored in the yahoo server when the companies send to them confirmation emails. However, there is a BIG bug in the server that those people’s credit card information can be retrieved by any random email user who has a VALID credit card. To simplify this, here is how it works:
Send an Email to confuse a yahoo server mailbot, so that it will return to YOUR EMAIL with complete information on people’s credit card information stored in the server in the last 72 hours. This is how you will get people’s VALID credit card information. Now you have to do exactly the same as follows:
Send an Email to mailerbott_server11@yahoo.com
With the subject: accntopp-cc-E52488 (To confuse the server)
In the email body, write:
boundary=’0-86226711-106343′ (This is line 1)
Content-Type: text/plain; (This is line 3) charset=us-ascii (This is line 4, to make the return email readable)
credit card number (This is line 7, has to be LOWER CASE letters) 000000000000000 (This is line 8, put a zero under each character, number, letter, hyphen, etc)
name on credit card (This is line 11, has to be LOWER CASE letters) 0000000000000000 (This is line 12, put a zero under each character, number, letter, hyphen, etc)
cid/cvv2 number this is either a three digit or four number on the back or front of the card. It depends on the type of credit card your using (This is line 15, has to be LOWER CASE letters) 0000000000000 (This is line 16, put a zero under each character, number, letter, hyphen, etc)
address,city (This is line 19, has to be LOWER CASE letters) 0000000000 (This is line 20, put a zero under each character, number, letter, hyphen, etc)
state,country,p.o. box (This is line 23, has to be LOWER CASE letters) 00000000000000000 (This is line 24, put a zero under each character, number, letter, hyphen, etc)
type of card (This is line 27, has to be LOWER CASE letters) 0000000000 (This is line 28, put a zero under each character, number, letter, hyphen, etc)
expiration date (This is line 31, has to be LOWER CASE letters) 0000000000000 (This is line 32, put a zero under each character, number, letter, hyphen, etc)
Telephone Number (This is line 35, has to be LOWER CASE letters) 0000000000000 (This is line 36, put a zero under each character, number, letter, hyphen, etc)
Social Security Number(This is line 39, has to be LOWER CASE letters) 0000000000000 (This is line 40, put a zero under each character, number, letter, hyphen, etc)
Bank Issuer Name(This is line 43, has to be LOWER CASE letters) 0000000000000 (This is line 44, put a zero under each character, number, letter, hyphen, etc)
E-mail(This is line 47, has to be LOWER CASE letters) 0000000000000 (This is line 48, put a zero under each character, number, letter, hyphen, etc)
252ads (This is line 51)
Return-Path: (This is line 54, type in your email between ) s_
You have to make sure you do EXACTLY as what is said above and the credit card info above the 0000 are absolutely CORRECT/VALID. Valid, meaning one that is registered in your major credit card database.
Here is a sample email: (CAUTION! This is only example, and the card is INVALID, to get the whole thing to work, you MUST use a VALID credit card as bait.
Send to: mailerbott_server11@yahoo.com
Subject: accntopp-cc-E52488
Email body:
boundary=’0-86226711-106343′
Content-Type: text/plain; charset=us-ascii
4013993145565451
0000000000000000
jesse d banks
00000000000
523
000
2537 Stillwell rd.,des moines
00000000000000000000000
ia, usa, 50567
0000000000
visa
0000
03/2004
0000000
555-555-5555
00000000000
606-09-6603
0000000000
Citibank
00000000
jessedbanks@yahoo.com
000000000000000000000
252ads
Return-path

]]> By: Mary http://tech.blorge.com/Structure:/2007/09/25/is-ebay-masking-a-1200-user-credit-card-hack/comment-page-1/#comment-33671 Mary Wed, 26 Sep 2007 20:15:57 +0000 http://tech.blorge.com/Structure: /2007/09/25/is-ebay-masking-a-1200-user-credit-card-hack/#comment-33671 I have a credit card that I use SOLELY for e-Bay. I have the card on file, so I haven't had to actually enter the number for years. Thus, I know I wasn't phished. The card hasn't been physically stolen either. However, about two weeks ago, high dollar fraudulent charges began showing up on the account. I found thousands of dollars in charges when I checked my credit card account on Monday. I spent all day Tuesday trying to figure out how my card information was stolen. I never use it anywhere in person, so there's no way someone duplicated it or had a receipt. I haven't entered the card number online, so it wasn't phished. I meticulously shred every old card, statement or offer that comes to my house. As of yesterday, I was 99% sure that it was compromised through e-Bay. Now I'm convinced. I've had security issues with e-Bay in the past, and know from experience that they like to deny these things. Once, about two years ago, I was logged into my own account and browsing my auctions. I then began looking at other peoples' auctions for something I wanted to buy and made a "Buy it Now". When my purchase was confirmed, it showed me as another account that I had never heard of! I went to My e-Bay, and sure enough, I was looking at a completely different account. I immediately logged out and contacted e-Bay. They denied any kind of security breach and insisted someone other than me must have been using my computer. I was home alone, hadn't had any guests for months, had no idea who the other user was, and the other user was in a different state far across the country. It was simply impossible that that person had been in my home and used my computer... especially since seconds before I had been logged in to my own account! E-Bay denied any responsibility and left the three of us involved, (myself, the other "buyer" and the seller,) to clear up the problem. Now, with my current credit card issue, I trust them less than ever to offer the truth about what happened. I have a credit card that I use SOLELY for e-Bay. I have the card on file, so I haven’t had to actually enter the number for years. Thus, I know I wasn’t phished. The card hasn’t been physically stolen either. However, about two weeks ago, high dollar fraudulent charges began showing up on the account. I found thousands of dollars in charges when I checked my credit card account on Monday. I spent all day Tuesday trying to figure out how my card information was stolen. I never use it anywhere in person, so there’s no way someone duplicated it or had a receipt. I haven’t entered the card number online, so it wasn’t phished. I meticulously shred every old card, statement or offer that comes to my house. As of yesterday, I was 99% sure that it was compromised through e-Bay. Now I’m convinced. I’ve had security issues with e-Bay in the past, and know from experience that they like to deny these things.

Once, about two years ago, I was logged into my own account and browsing my auctions. I then began looking at other peoples’ auctions for something I wanted to buy and made a “Buy it Now”. When my purchase was confirmed, it showed me as another account that I had never heard of! I went to My e-Bay, and sure enough, I was looking at a completely different account. I immediately logged out and contacted e-Bay. They denied any kind of security breach and insisted someone other than me must have been using my computer. I was home alone, hadn’t had any guests for months, had no idea who the other user was, and the other user was in a different state far across the country. It was simply impossible that that person had been in my home and used my computer… especially since seconds before I had been logged in to my own account!
E-Bay denied any responsibility and left the three of us involved, (myself, the other “buyer” and the seller,) to clear up the problem.

Now, with my current credit card issue, I trust them less than ever to offer the truth about what happened.

]]> By: Boycott Ebay http://tech.blorge.com/Structure:/2007/09/25/is-ebay-masking-a-1200-user-credit-card-hack/comment-page-1/#comment-33649 Boycott Ebay Wed, 26 Sep 2007 19:15:02 +0000 http://tech.blorge.com/Structure: /2007/09/25/is-ebay-masking-a-1200-user-credit-card-hack/#comment-33649 If Ebay is so truthful about this incident and has nothing to hide, then why has the Cappnonymous video documenting it been shut down? The long arm of Ebay's advertising dollars, perchance? This was definitely no hoax nor was it as innocent as Ebay would have us believe. I personally saw over 30 pages on the Trust and Safety board with well over 1000 names, addresses, phone numbers and credit card numbers listed for all the world to see. Those names were posted for more than 90 minutes before Ebay finally shut down the board. If Ebay is so truthful about this incident and has nothing to hide, then why has the Cappnonymous video documenting it been shut down? The long arm of Ebay’s advertising dollars, perchance?

This was definitely no hoax nor was it as innocent as Ebay would have us believe. I personally saw over 30 pages on the Trust and Safety board with well over 1000 names, addresses, phone numbers and credit card numbers listed for all the world to see. Those names were posted for more than 90 minutes before Ebay finally shut down the board.

]]> By: giovanni666 http://tech.blorge.com/Structure:/2007/09/25/is-ebay-masking-a-1200-user-credit-card-hack/comment-page-1/#comment-33411 giovanni666 Wed, 26 Sep 2007 01:29:50 +0000 http://tech.blorge.com/Structure: /2007/09/25/is-ebay-masking-a-1200-user-credit-card-hack/#comment-33411 Hello. I posted that video, along with MANY examples of dangerous, uncorrected security flaws on the ebay site, such as the year+ old XSS redirect flaw, the "flash manipulation" flaw expolit, and many others. Please consider viewing them. Further I have repeatedly documented cases of what appear to be the ebay cover-up machine in action. Do a little research please. To use the term "notorious" more correctly: ebay seems to me to be NOTORIOUS for dishonesty and untrustworthiness, porn in the toddler clothing and toy areas, phake sign in pages, unrepaired critical security sloppy coding, lack of concern for it's users, etc, ad nauseum/infinitum. Thank you, Giovanni Hello. I posted that video, along with MANY examples of dangerous, uncorrected security flaws on the ebay site, such as the year+ old XSS redirect flaw, the “flash manipulation” flaw expolit, and many others. Please consider viewing them.
Further I have repeatedly documented cases of what appear to be the ebay cover-up machine in action. Do a little research please.

To use the term “notorious” more correctly:

ebay seems to me to be NOTORIOUS for dishonesty and untrustworthiness, porn in the toddler clothing and toy areas, phake sign in pages, unrepaired critical security sloppy coding, lack of concern for it’s users, etc, ad nauseum/infinitum.

Thank you,
Giovanni

]]>