I'm absolutely stumped as to why it happened, but my eBay account was stolen last weekend. The whole circumstances to it was very wierd. I basically received an alert that the email address on my account was changed and that a new auction had been posted. I logged in to find someone else's email address (firstname.lastname@example.org) in my profile and a auction started for a $14,000 Harley Davidson.
Oddly enough, whoever had taken over my account and started this activity didn't bother to change the password, so I was easily able to log in, change my password, and get my account back.
The thing is, I can't figure out how this happened. Consider the following circumstances here:
1) Every computer I use is heavily scanned and guarded against spyware. I always use Spybot, Adaware, Spyware Guard, and Spyware Blaster.
2) AV is up to date and scanning regularly.
3) I have not clicked any links in emails, so I have not fallen prey to any phishing scams.
4) I was using an eight character password mixed with a balance of letters and numbers, and did not give that password out to ANYONE.
5) eBay actually caught the account theft before I had time to report it, so eBay automatically restored my account settings and removed the Harley Davidson auction. How did they know before I did? What alerted them, I wonder?
6) The auction that was posted was in eBay Motors. Oddly enough, I had never ventured into the eBay Motors section of the site until about a week prior. Coincidence?
So I immediately confirmed with eBay that everything was resolved, then reported the identity theft to the FTC and put up a 90-day alert through Experian, Equifax, and TransUnion, so my butt's covered on that front. But the question is, how did this person manage to get around ALL my safeguards and still steal my account? And how could eBay have known it happened without me reporting it?