A Massachusetts man has been charged (and will be indicted on Jan. 18 at Suffolk Superior Court) with hacking into dozens of eBay customer accounts and incurring up to $32,000 of fraudulent charges. Sean Galvez of Boston has been indicted on one count of larceny and 10 counts of unauthorized access to a computer and identity fraud committed during 2003.

According to the prosecution, Galvez is believed to have illegally accessed and taken over more than 40 eBay accounts, then used them to buy gift certificates for eBay’s half.com merchant site. While it is not clear how Galvez obtained control over these 40 accounts, it is believed to be either via phishing or by purchasing them from another. According to sources close to Massachusetts’ AG office, the prosecution strongly believes that the source of eBay accounts is a phishing scam. eBay reported the incident to the United States Postal Service after the affected users reported being locked out of their accounts.

It is nice to see that eBay and law enforcement are working together to prosecute crimes which lately have stolen the headlines. What is somewhat bothersome is that the incident occurred in 2003 and yet Galvez is just being indicted in 2006. Also, considering that there were only 40 eBay accounts affected (a relatively minor case, compared to thousands of records) it begs the question how long would a major (multi-thousand) scam take to investigate and prosecute?