Styleforum › Forums › Archives › Buying and Selling (Archive) › B&S Archive › Ebay Account Broken Into
New Posts  All Forums:Forum Nav:

Ebay Account Broken Into

post #1 of 11
Thread Starter 
Usually, I get spoof emails from "ebay" telling me there is a problem with my ebay sign-in or paypal account and I should "click on the link below" to take care of the problem.

Of course I don't reply to these emails, but several weeks ago I started to get questions about auctions and requests for feedback for products I never sold or bought. I also started to get emails from ebay saying that my auctions were being cancelled for various reasons.

This concerned me. I couldn't find the auctions mentioned so I assumed they were more "spoof" emails. When I got these emails, I sent them to ebay's security and always get the usual canned response. Just having a gut feeling, I actually followed ebay's canned security response and changed my password and forgot about it.

Yesterday, just dumb luck, I checked my ebay account. I found that approximately 40 items were being sold under my ebay account. My account showed that it was shut down for a couple of days while ebay sorted out the problem. Then my account was reinstated.

Of course, ebay never contacted me about any of this. I only found out yesterday because I opened my account for another reason. I am not sure how whoever hi-jacked my ebay account got my information but I would guess my account looked attractive because I hadn't sold anything in several months. That probably made it a good target for someone who wanted to make some quick money.

I haven't checked my credit cards to see if I was charged for any of this stuff but I don't think I was. Not sure about all of those feedback items I need to leave either.

The point of all of this is, if you have an ebay account and haven't used it in a while, maybe you should check it to make sure it is ok.

Ebay is terrible to begin with and they obviously won't notify you of any problems with your account so it is up to you to check it. Especially if you haven't used it in a while.
post #2 of 11
A bummer to hear that Tck13! A general security tip for those who want to update their passwords (yes, I'm in Security :P). Pick a random string (ie Sfsfsdf@2121) and then add the website your on (ie ebay, amazon etc). Stick the random string in your wallet until you remember it (as it's useless without the other bit). This makes password guess and brute force attacks almost useless, as well as making all your passwords different and easy to remember (result for above = Sfsfsdf@2121ebay or Sfsfsdf@2121amazon etc...) Passwords should NEVER be the same on different sites. Even more so if the username is the same over multiple sites....Real money is behind these usernames/accounts, please take measures to make sure what happened to Tck13 does not happen to you. --Wade
post #3 of 11
You need a bouncer
post #4 of 11
Thread Starter 
Originally Posted by Soph
You need a bouncer

Someone that's well versed in BJJ, Krav Maaga, and boxing. None of these one style wannabees.

That's what i'm talking about...
post #5 of 11
I typically like to have very long, complex passwords for security reasons, so I bought a fingerprint scanner. I highly recommend it, you never have to remember your usernames & passwords for different sites, only register them once with the program and only your fingerprint can access those sites. When you scan your print, it will automatically input the username and password into the website fields.

Unfortunately, this has resulted in me forgetting most of my passwords - so you need to write them down and hide them somewhere in case the fingerprint scanner breaks sometime or you have to access a site from a different computer.
post #6 of 11
And writing them down makes them virtually worthless as passwords.

Many moons ago I was a young Lt in the Army. I got a new job right out of boot camp. The day I got there Top asked me to set the combination on the unit safe. The safe was full of TS and TS/Crypto material to include the odd document with a NATO designation of Cosmic Top Secret (sounds like it came in a box of rice krispies and I even think the designation itself was TS).

The next morning I got in and he handed me a document from the safe. I, of course, like any 22 year old dummy had used an easily remembered set of numbers. Top had figured them out and it taught me a valuable lesson. One of the other things he said is that if a password is ever written down it is worthless.

I recently retired and my last job was with a large multinational bank. Every web site had a different password and different requirements for coming up with UserID and passwords. Such that I had about 30 to remember. So I wrote them down in a book I carried with me. Might as well have had no passwords on any of the banks software for all the security that illusory system provided.

Most of my colleagues kept their passwords in the desk drawer. So remember whatever bank you use, the janitor can go in tonite and reach in a desk drawer and access the banking system and empty your account.

The more complicated the system the easier it is to break because the passwords will be accessible within a few feet of the computer.

post #7 of 11
Perry you will notice I said only write down the seed, not the whole password --Wade
post #8 of 11
I had a similar Paypal experience that took months to sort out. Now I check everything biweekly, even if I haven't touched it.
post #9 of 11
I had the same thing happened recently. Fortunately, I used a different password for my paypal account and spending 10 minutes or so talking to a CSR on eBay chat restored my eBay account.
post #10 of 11
Originally Posted by pkincy
And writing them down makes them virtually worthless as passwords.

There are encrypted password managers that allow you to store all of your passwords in an encrypted format and then you only need remember one password to access your list.

post #11 of 11
Originally Posted by Rolo
There are encrypted password managers that allow you to store all of your passwords in an encrypted format and then you only need remember one password to access your list.

That's right. I personally have mine "written" in a PGP encrypted .doc file in case I ever need them. But again, since I use the fingerprint scanner and never have to type them - if my computer crashes or something, it's going to be a pain since I don't remember many of the passwords. Actually, I think I'll save that file to a disc right now! Thanks for the thought.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: B&S Archive
Styleforum › Forums › Archives › Buying and Selling (Archive) › B&S Archive › Ebay Account Broken Into