Romanian authorities have arrested a phishing scammer who broke into eBay systems and accessed confidential files, including data of eBay customers and their transactions.
Liviu Mihail Concioiu allegedly harvested log-in credentials from eBay employees through phishing scams and used the data to steal sensitive financial data, according to the Google translation of a statement from Romanian authorities.
All in all, the suspect allegedly victimized about 3,300 eBay employees through his phishing campaigns in 2009, and then accessed a database where data about eBay customers and their transactions is stored.
He then compromised the accounts of almost 1,200 eBay users through phishing sites. Along with other accomplices, he also withdrew about €300,000 (US$400,491) from Italian bank teller machines.
In a separate attack, the suspect disrupted the operation of eBay's auction marketplace. The total cost to eBay from the breaches and attacks amounts to about US$3 million.
Romania collaborated with U.S. Embassy agents in Bucharest, with Italian authorities and with eBay staffers on the investigation.
EBay, whose internal investigators have been working with authorities on the case since May 2009, called the arrest of Concioiu and his partners "a great victory" against Internet fraud.
"We are confident that the evidence will link these individuals to a series of online attacks and organized criminal activity. EBay remains committed to working collaboratively with global law enforcement agencies to protect our user community and to prosecute criminals," eBay's statement reads.
It's not clear what type of data on eBay merchants and sellers was compromised. An eBay spokeswoman didn't immediately respond to a request for more details about the case.