a minor technicality

neil dixon’s blog

Password lock-down following hacked ebay account

In my email inbox this morning was a lovely message from ebay letting me know my account had been locked down due to it having been hacked. Great. So, not knowing exactly what, where, or when, the best policy was to spend some time locking down any other accounts by updating passwords.

I was pretty impressed by how rapidly the ebay system had flagged two new auctions on my account, which I had not placed. The account had been compromised, and the hacker placed some DVD items for sale - relatively low cost items for a better chance to get under the radar. Ebay locked access to the account, removed the two auctions, and ensured auction charges were refunded. All pretty slick. I had a similar experience with Paypal a couple of months ago: account lock-down due to attempted third party access to the account, and they were just as prompt and efficient in locking things up (reactivating Paypal was a little tricky, compared to ebay, however).

These are the very first times I have personally experienced such issues in all my years using the net - likely because I am very careful to look for phishing emails and the like. But what concerns me is that these two occasions existed around two directly associated services. Ebay and Paypal are very tightly integrated; surely not a coincidence that both my accounts were partly hacked. Someone got in, somewhere.

Thankfully, there was no loss to me, and thanks to additional security surrounding email accounts associated with my ebay and Paypal, no unpleasant issues there. Though I am spending a big chunk of today locking down all my accounts with new passwords, and perhaps an entirely new password policy, too, to add greater security to associated accounts such as ebay/Paypal.

4 Responses to “Password lock-down following hacked ebay account”

  1. Emma Says:

    I have a question - what’s a bog post?

    Or did you fail to poofread this properly?

    :D

  2. neil Says:

    Damned new laptop keyboard - no, really. My better half failed to proof it - probably because she was at work ;)

  3. pete Says:

    IN UR EBAY ACCOUNT COMPRIMIZIN UR SECURITYS.

    Do you want to buy a couple of DVDs? They’re only a few months old…

  4. Phil McThomas Says:

    What can I say, Neil. Using “gandalf” for all your passwords is just too easy to guess.

  5. Noebie Says:

    i had a similar thing happen with my ebay account awhile back…immediately changed all of my passwords everywhere else in the wake

    my paypal was not compromised

    i was never able to rehab the ebay account…had to create another one

    i’m also very careful about links that i follow, etc. - so it seems there is a big hole in ebay security, eh?

  6. neil Says:

    @Noebie: I’m in two minds as to whether ebay has a security hole. My password was not insecure (though could have been better) and would be tough to guess, but not impossible. My guess is I signed up with some service somewhere which was less than scrupulous and did not encrypt password data in their database. I do have one service which uses my ebay account data, and that’s auctionstealer.com, can’t think of anywhere else that would hold that password.

    @pete: Coincidentally, the only time I’ve been ripped off on ebay was for a DVD. Paid for a copy of Dark City only to discover after a couple of weeks that ebay blocked that account due to dubious activity, so no DVD.

    @phil: “You shall not pass!” Makes total sense doesn’t it..?

Comments for this post will be closed on 16 January 2009.

© NeilDixon 2006-2008. All rights reserved. MyFreeCopyright.com Registered & Protected