My ebay account was hacked

Posted on April 21, 2008 
Filed Under Uncategorized

I’ve been active online since 1988-89 when I got my first Prodigy account. It was bound to happen sooner or later.

I’m still not sure exactly how it happened. I checked my email this morning and this was the most recent message:

Dear [my ebay username],

Your account may have recently been used for fraudulent purposes. For this reason, we have temporarily suspended your account to protect your online security.

If you think that your account may have been tampered with, please contact our Live Help team immediately. To reach the Live Help team:

1. Click the “Live Help” link at the top of most eBay pages. An “eBay Live Help” chat box will open.

2. Click the “Account Security” link. A “Securing Your Account and Reporting Account Theft” Help page will open.

3. Scroll down to the bottom of the page.

4. Click the “Live help” link.

Right underneath it was another email.

Dear [username],

We have temporarily disabled the automatic payment of your invoices. We’re sorry for the inconvenience, but we’ve taken this action to ensure that you’re being charged only for amounts that you actually owe.

If you’re not currently an active seller, then our action should have no effect upon your account and the following information is for your information only.

Even after both of these emails, I didn’t immediately believe it was for real. I assumed it was a phish, trying to get me to log in and “verify” my account.

Sure enough, I went to ebay.com in my browser, attempted to login and got a message that my account was suspended for fraudulent activity.

Crap.

I go back to my inbox and see 5 “Your ebay listing is confirmed” for Louis Vitton handbags. All 1-day auctions with Buy It Now prices. Amazingly enough, those listings happened around 5:20 am and the email from ebay advising of “possible unauthorized account use” arrived at 5:46 am. Whatever security measures ebay has in place to detect this kind of thing happening seems to have kicked in quickly. Even so, 2 auctions had buyers.

First thing I did was change the password on my email and PayPal accounts. It doesn’t appear there was any unauthorized activity on either, but it seemed the logical first move. Then I “spoke” to ebay through Live Help to confirm to them that I wasn’t the one who placed the auctions. They reactivated my account, having me set a new password and they cleaned out everything the crooks may have done. I hope. ebay support says that the PayPal account for the auctions wasn’t my PayPal account, which for all I know may have been what tipped off security.

I think I was lucky. Looks like the thieves were looking for the easy score of the “Buy It Now” listing which they could only get from an account with some feedback history. I first registered for ebay in March 1999 and have a 91 100% positive feedback rating. I also don’t use the account that often, another factor that may have made it an easy target.

I would just like to know how it happened. I’m assuming that because I had a relatively weak password (stupid, I know) they somehow guessed in. I don’t use that password anywhere else. In fact, for the last few months I’ve been using the outstanding 1Password to make sure my passwords are strong and not easily guessed for sites that have personal/financial information. I know they didn’t get my login information from a phish, and I don’t think my email has been compromised.

20 years online and this is the first time this has happened to me. I hope it’s the last.

Comments

6 Responses to “My ebay account was hacked”

  1. Jason Harris on April 21st, 2008 4:40 pm

    You’re the first friend I’ve had to experience this. I’ve spent the last few minutes changing passwords on the online services I care most about.

    I with you the best with this one…

  2. Erik J. Barzeski on April 21st, 2008 7:17 pm

    I went and changed my password to one generated by 1Password just now as well. It too was somewhat weaker. I think a lot of us who have been around for a long time have weaker passwords since hacking wasn’t really something we thought about in 1992 or whenever.

  3. Liza Lee Miller on April 21st, 2008 8:44 pm

    This happened to me a little more than a year ago. I was amazed at how quickly eBay caught it. Definitely inconvenient for me but so much better than the nightmare it could have been.

  4. Cj on April 22nd, 2008 9:30 am

    Hi, I read your blog after searching the web about Ebay being hacked, I can’t find much but what happened some sort of security leak must have happened. Here’s my story ~
    Back on the 15th March 2008 I checked my Ebay.co.uk account and after a struggle to gain access to it I managed to get in and found that I had received bad feedback and angry emails and could see that items had been listed for buy it now sales from my account but Ebay had already removed the items themselves by the time I’d logged in. On checking the sellers account history bit of my account I could see that on the 14th March 2008 lots of fake GHD hair straightening irons and UGG boots had been listed from my account. I immediately changed my log in password and secured my Ebay, paypal and email accounts and notified Ebay. They emailed me back (I’ve still got copies of these emails) to confirm that a third party had gained unauthorised access to my account. They removed the negative feedback, notified the buyers, cancelled the charges to my account and tidied up my account.

    This whole incident shook me up and although I was happy that everything seemed to be sorted I decided to stop using Ebay (which I only ever used previously for buying not selling). I’m always extremely careful about Phishing emails and scams to gain account log in info so I’ve no idea how they managed it, the other thing is I received no email notifications in my email account about activity on my Ebay account so I’ve no idea how they managed it.

    I really thought this was all over with however last Friday I received legal documents from Walker Morris Solicitors acting for Jemella Ltd who own the GHD brand. They are accusing me of selling those fake GHD products on Ebay and are demanding that I pay them compensation within the next 7 days for ‘trade mark infringement’. I’ve tried to contact Ebay to provide more proof of the transactions to clear my name but I’ve not had a response yet. I’ve visited the citizens Advice bureau and got some advice there!
    Also even though it happened just over a month ago and Ebay sorted out my account I have still reported the whole incident to the Police for them to investigate, after all it is serious fraud and identity theft. My advice would be to report your hacked account to the police and make sure you keep copies of all correspondence with Ebay just in case there are any comebacks.

  5. dkkd on August 1st, 2008 4:36 pm

    happened to me once and i’ve been online since 1990. I caught it before ebay did.

    someone got in my account and listed a mac computer for sale… of course, I was not selling a mac computer. glad I caught it. someone would have bought it and paid for it, waiting for me to deliver something I did not have.

    I recommend strong passwords. upper and lower case, letters, numbers, and !@#$%^^ characters. 10 character minimum. Not just for ebay, but for all accounts. IF your password is easy enough for you to remember, it’s easy enough for someone to guess.

  6. Barbara on August 23rd, 2008 8:14 am

    To Cj - I don’t think it was your site I was on, but I have actually received a set of ‘GHD’ straighteners from a hacked seller. They weree shipped from Shanghai (there’s a joke in there somewhere!) & I still have the details. Contact me directly if you think this information might help

Leave a Reply