To be clear, I have nothing to do with this post. I am not involved in this analysis or investigation at all. But if it’s true I think it has major relevancy to people across many hobbies.
Since it’s a bit dense, I read through the text and here is a high-level summary (ChatGPT helped, but I curated it).
Core claim:
Snype supposedly exposed an internal database endpoint to the open web with no authentication. According to the post, this allowed access to full bidder and consignor information for any auction: names, emails, phone numbers, addresses, birthdays, payment-method data, Stripe objects, eBay info, and bid histories. The post did not share how to do the method, but it has been mentioned on another thread on the forum (Probstein Leaving eBay to Create New Auction Platform - #153 by velitheturtle).
Scale of exposure:
~1,331 auctions were allegedly involved. Total bids placed across them: ~29k, totaling ~$1.28M. Ninety-six wins are attributed to the flagged accounts.
Main allegation beyond the security issue:
A cluster of accounts (claimed to be linked by email patterns, similar data, shared addresses, or names associated with “Probstein” or related individuals) show unusually heavy bidding activity, often on the same listings. Many accounts are marked “Super Bidder” but required verification fields appear fake or nonsensical. The accounts bid against each other and raise the item prices.
The bulk of the post appears to be a bunch of examples.
Note: The standard of this forum is that we remove personal information when posted; however, the “personal information” here appears to not reflect real people (i.e. a series of accounts with “@dr.com” in their email). If there is a real person or email in this list that you know of, let me know and I’ll take it out ASAP.