Alleged data leak in classified ads turns out to be a false alarm
Media reports unsettled many people that there was a data leak in classified ads. The company plausibly denies this.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
On Tuesday of this week, there were isolated media reports that led to uncertainty among users of kleinanzeigen.de: according to the reports, the sales platform was suffering from a data leak. Allegedly hacked kleinanzeigen.de databases had appeared in two underground forums. The sales portal used to operate under the name ebay Kleinanzeigen.
According to a report, the databases from the file kleinanzeigen.de.rar allegedly contained "countless" valid e-mail addresses, usernames, encrypted passwords, transaction data from the buyer protection program and other details, as well as files that looked like weblogs.
Classifieds denies data leak
When asked by heise online, classifieds company spokesman Pierre Du Bois replied that, contrary to the impression conveyed in the reports, "classifieds is not affected by a data leak. The data set in question is not a classified database. There is therefore no breach of personal data protection – we have therefore not submitted a notification to the competent authority in accordance with the GDPR."
The company reviewed the published data set yesterday, Tuesday. "The data set in question contains information that we do not collect and therefore do not store. The syntax of the data (including the naming of attributes such as phone number, name, etc.) does not correspond to our syntax. Many data points are inconsistent ('fantasy place names')," Du Bois explains. Kleinanzeigen also checked numerous e-mail addresses contained in the data set and found no accounts in its own services. Du Bois continues: "The data set also contains information on transactions that we do not have: We work with our partner Online Payment Platform (OPP for short) to process transactions via 'Sicher bezahlen'. This partner collects the data required for processing – classifieds does not have access to this data."
As far as we know at present, customer data has not been stolen from Kleinanzeigen. Nevertheless, there is a high probability that your own email address was part of older data leaks from other offers and therefore appears in the databases of cyber criminals. Caution is therefore always advised with emails and other messages, which could be phishing.
Fortunately, the alleged data leak from classified ads turned out to be a hoax. However, criminals with dishonest aims are indeed often up to mischief there. c't has compiled tips on how interested parties can see through fraudsters.
(dmk)