Page 1 of 3 123 LastLast
Results 1 to 10 of 25

Thread: eBay Account Stolen

  1. #1

    eBay Account Stolen

    I'm absolutely stumped as to why it happened, but my eBay account was stolen last weekend. The whole circumstances to it was very wierd. I basically received an alert that the email address on my account was changed and that a new auction had been posted. I logged in to find someone else's email address (something@inbox.com) in my profile and a auction started for a $14,000 Harley Davidson.

    Oddly enough, whoever had taken over my account and started this activity didn't bother to change the password, so I was easily able to log in, change my password, and get my account back.

    The thing is, I can't figure out how this happened. Consider the following circumstances here:

    1) Every computer I use is heavily scanned and guarded against spyware. I always use Spybot, Adaware, Spyware Guard, and Spyware Blaster.
    2) AV is up to date and scanning regularly.
    3) I have not clicked any links in emails, so I have not fallen prey to any phishing scams.
    4) I was using an eight character password mixed with a balance of letters and numbers, and did not give that password out to ANYONE.
    5) eBay actually caught the account theft before I had time to report it, so eBay automatically restored my account settings and removed the Harley Davidson auction. How did they know before I did? What alerted them, I wonder?
    6) The auction that was posted was in eBay Motors. Oddly enough, I had never ventured into the eBay Motors section of the site until about a week prior. Coincidence?

    So I immediately confirmed with eBay that everything was resolved, then reported the identity theft to the FTC and put up a 90-day alert through Experian, Equifax, and TransUnion, so my butt's covered on that front. But the question is, how did this person manage to get around ALL my safeguards and still steal my account? And how could eBay have known it happened without me reporting it?

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    But the question is, how did this person manage to get around ALL my safeguards and still steal my account? And how could eBay have known it happened without me reporting it?
    It was an E-Bay employee who was being dishonest?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    That's exactly one possibility I was starting to suspect...Man, that would really suck too!

  4. #4
    If i could offer a few recommenations:

    Make your password more complex it might be a pain in the butt but if you can memorise your password it most certainly can be cracked by a web based password cracker.

    Try to make your password alot longer than your previous password try to make it close to the maximum allowed by ebay and make sure your password is completly random and contains letters and numbers which are lower case and upper case and include special characters such as: @_ and others that might be allowed by ebay.

    Also you did not mention if you have notified your bank to get your card's canceled and account number's changed?.

    This is important because in the password reset options it asks you for the last four digits of your card number and i think you can see these numbers under your account information when you are logged in to your account also this will stop fraud against your account if this is an inside attack.

    Also the account thief could of already sold items using your account then deleted all the items so this will stop any fraudulent charges against your account.

    Do you also have a PayPal account?

    EDIT: Also i forgot to add that you should use different passwords for every service that you sign up for so if your password does get comprised or becomes known to one party they cant gain access over your other accounts.

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Well,

    If you have an e-bay account you are a retard, and a paypal account would make that double bubble.

    They are both wide open to fraud....................I understand (on the QT) that the British Government will be putting both of them out of business within the next 12 months.

    Fraud, drugs, stolen property, social welfare benefits fraud; and those are only the more socially acceptable parts of it..............................go figure........................

    If someone comes to me with something that they bought on e-bay, I just tell them to £$%^&*& OFF....... I really don't want it anywhere near me.

    No offence intended Angelic old chap, but please wise up before you get caught out

  6. #6
    Greeting's

    One more company which is incompetent enough to have members password's accessible to its employee's.

    Plus they have dumb employee's
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  7. #7
    Possibly some malicious code in an auction you may have veiwed, what browser do you use? That would also explain how ebay found out about it. Ebay seems to be very slack on the code they let people use in the auctions/descriptions. Just an idea.
    I\'m Dying To Find Out The Hard Way

  8. #8

    Re: eBay Account Stolen

    Originally posted here by AngelicKnight
    I'm absolutely stumped as to why it happened, but my eBay account was stolen last weekend. The whole circumstances to it was very wierd. I basically received an alert that the email address on my account was changed and that a new auction had been posted. I logged in to find someone else's email address (something@inbox.com) in my profile and a auction started for a $14,000 Harley Davidson.

    Oddly enough, whoever had taken over my account and started this activity didn't bother to change the password, so I was easily able to log in, change my password, and get my account back.

    The thing is, I can't figure out how this happened. Consider the following circumstances here:

    1) Every computer I use is heavily scanned and guarded against spyware. I always use Spybot, Adaware, Spyware Guard, and Spyware Blaster.
    2) AV is up to date and scanning regularly.
    3) I have not clicked any links in emails, so I have not fallen prey to any phishing scams.
    4) I was using an eight character password mixed with a balance of letters and numbers, and did not give that password out to ANYONE.
    5) eBay actually caught the account theft before I had time to report it, so eBay automatically restored my account settings and removed the Harley Davidson auction. How did they know before I did? What alerted them, I wonder?
    6) The auction that was posted was in eBay Motors. Oddly enough, I had never ventured into the eBay Motors section of the site until about a week prior. Coincidence?

    So I immediately confirmed with eBay that everything was resolved, then reported the identity theft to the FTC and put up a 90-day alert through Experian, Equifax, and TransUnion, so my butt's covered on that front. But the question is, how did this person manage to get around ALL my safeguards and still steal my account? And how could eBay have known it happened without me reporting it?
    What about using the same password at other web sites? Do you do that?

    [5] Perhaps eBay got notice from an educated user who sniffed out the scam. I know I contacted a seller about an auction once, and the seller pushed me to use a Wire Transfer to an account in Romania, so I alerted eBay fraud. They told me that the account was hijacked and notified the user and removed his auction items, and notified the original account holder. Perhaps that is what happened here too...

  9. #9
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    Ebay will most likely use systems to detect suspicious actions, likely using neural networks, banks use similar for finding odd transactions and detecting debt risk assessment, among many other things of course.

    if you feed a neural net a series of parameters in the form of training data of know fraudlent transactions then you will be able to produce a network capable of monitoring in real time potential or likely actions such as these you have encountered. I've implemented similar systems in my work.

    This scam could of course just be a quick way to make $14,000, but I would hedge my bets that is is more than likely a means of money laudering.

    I see no problem with trading through ebay, its the use of commonsense and the use of hard measures with a fall back (I.E. a cheque you can cancel, or picking up in cash), Auctions have always been a places rampent with money laundering,

    Paypal is Swiss centric, so I see no means by which the UK goverment can have any means of preventing it, if you know anything about swiss banking laws - but I could be wrong of course!

    Anyway good luck.

    i2c

  10. #10
    Senior Member Raion's Avatar
    Join Date
    Dec 2003
    Location
    New York, New York
    Posts
    1,299
    It was an E-Bay employee who was being dishonest?
    I would HOPE that ebay encrypts all passwords so not even employees can see what the password is so I think I would safely remove that possiblity..

    As to how ebay might have detected it first, maybe the person who stole it tried many different combinations or maybe the IP was an IP of a person known for doing this to other accounts (Although I would suspect they would block the IP first..but still remains a possibility). Or maybe they used a known-exploit that hasn't been patched yet.

    Another thought, you said they restored your settings before you found out, maybe this person DID change the password but ebay changed it back before you found out about it..

    [note] I'm not sure if any of these possibilities were mentioned I didn't have the time to read everything in detail, I skimmed through the posts..
    WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •