Ste
Premium Member
Registered: 5th Mar 03
Location: Taif, Saudi Arabia
User status: Offline
|
My ebay account was compromised last night. Had an email saying I needed to change my password, thought it was dodgy, went to log in to ebay and couldn't.
Changed my password, logged in and this was in my message box:
Dear ***********************
It appears that a third party accessed your eBay account and used it to list items without your authorisation.
At this time we have taken several steps to secure your eBay account, including cancelling the unauthorised listings and crediting all associated fees to your account. We assure you that your credit card and bank details are kept encrypted on secure server and have not been viewed by anyone.
To restore access to your account securely, please follow these steps
1. Change the password on your personal EMAIL account to verify that it is secure and cannot be accessed by anyone other than you.
2. Change the password on your eBay account. Click "I've forgotten my password" on the eBay sign-in page and follow the instructions to choose a new password.
3. Check that the contact information on your account is correct. Go to "Personal Information" in My eBay.
We recommend you take our Account Protection tutorial to help understand how your account was compromised and how you can protect yourself in future. Copy this link into a new browser window:
http://pages.ebay.co.uk/help/tutorial/accountprotection/js_tutorial.html
Thank you for your patience and cooperation in this matter. Please don't hesitate to contact us if you have further queries or require assistance.
Regards,
eBay Trust & Safety
H18998
[Edited on 23-02-2009 by Ste W]
I would rather lose by a mile because i built my own car, than win by an inch because someone else built it for me.
|
Jakey
Premium Member
Registered: 4th Jun 07
Location: Sandbach
User status: Offline
|
FFS 
|
Twiggy
Member
Registered: 15th Oct 04
User status: Offline
|
ohh for godsake!
|
Haimsey
Premium Member
Registered: 8th May 05
Location: Nottingham Drives: Corsa B
User status: Offline
|
Hack Day?
Marcy Marc 
White Sport Progress Thread
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
If these are all true it looks like people with their hotmail email in their profile.
Any way you can see if one person is looking at a lot of profiles to confirm that either way Ian?
|
Ste
Premium Member
Registered: 5th Mar 03
Location: Taif, Saudi Arabia
User status: Offline
|
I use googlemail
I would rather lose by a mile because i built my own car, than win by an inch because someone else built it for me.
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
That's my idea out the window then.
Do you have an MSN list full of 12 year olds?
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
If you've any guesses as to what it is then I can look in the access logs but I'm not really clear what I'm looking for. A load of profile requests would be obvious but one thread full of addresses wouldn't be. Profile downloads need a logged in user as well.
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
I was just going along the lines of it's people with hotmail accounts in the profile and somebody going through profiles collecting these.
I hadn't thought about a big thread, which there are a few of on here with people looking for randoms to add to msn, which would be a great place to harvest addresses.
[Edited on 23-02-2009 by John]
|
Ste
Premium Member
Registered: 5th Mar 03
Location: Taif, Saudi Arabia
User status: Offline
|
I don't think it is CS based, I'd be looking to Nigeria and the scamming clerts over there. Everyone needs to do checks for spyware and worms.
I would rather lose by a mile because i built my own car, than win by an inch because someone else built it for me.
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
I wonder how many of these accounts had passwords that were the same on their cs, gmail, hotmail, ebay ete?
|
Haimsey
Premium Member
Registered: 8th May 05
Location: Nottingham Drives: Corsa B
User status: Offline
|
Mine wasnt 
Marcy Marc
White Sport Progress Thread
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
If somebody got my 1 password i'd be up shit creek 
|
willay
Moderator
Organiser: South East, National Events
Premium Member
Registered: 10th Nov 02
Location: Roydon, Essex
User status: Offline
|
yeah i use different passwords and variations on accounts
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
You only really need into one account though, if thats the default email for ebay etc you just get the password reset to that account.
|
Twiggy
Member
Registered: 15th Oct 04
User status: Offline
|
quote:
Originally posted by John
If somebody got my 1 password i'd be up shit creek
you are
|
Haimsey
Premium Member
Registered: 8th May 05
Location: Nottingham Drives: Corsa B
User status: Offline
|
My MSN password was the hardest out of all mine. It would be impossible to guess.
Marcy Marc
White Sport Progress Thread
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
People don't guess the password.
They get your hotmail address and find you on myspace or whatever it is people use these days and find out everything about you, then answer your secret question, from there they can either get passwords or get the reset email sent to that account and it spirals.
It's not so much hacking as a moderm form of social engineering imo.
|
Haimsey
Premium Member
Registered: 8th May 05
Location: Nottingham Drives: Corsa B
User status: Offline
|
They wouldnt guess my secret question either Thats some 7 years old.
Marcy Marc
White Sport Progress Thread
|
Tommy L
Member
Registered: 21st Aug 06
Location: Northampton Drives: Audi wagon
User status: Offline
|
Could be the hardest password to guess in the world but it is not impossible to hack that account. There is more than one way to get into someones computer/accounts.
|
C2RL R
Member
Registered: 28th Mar 02
Location: Redcliffe, QLD
User status: Offline
|
quote:
Originally posted by John
You only really need into one account though, if thats the default email for ebay etc you just get the password reset to that account.
which is what i think has happened to me. i have the email address of the paypal user that my money has gone to. when i google it it comes up with loads of bebo stuff. i'm not even on bebo so fuck knows how i've been targeted.
|
Paul_J
Member
Registered: 6th Jun 02
Location: London
User status: Offline
|
C2RL R whats the email the money has gone into?
May help ?
Although bare in mind, if the hacker has several pay pal accounts, he could hop the money from account to account several times...
So he sends your money to another victim's email he has, then onto his own or whatever.
|
C2RL R
Member
Registered: 28th Mar 02
Location: Redcliffe, QLD
User status: Offline
|
i'm not sure i should post it on here really.
|
Paul_J
Member
Registered: 6th Jun 02
Location: London
User status: Offline
|
u2u Ian it...
Well type it into Facebook and see who it gives you, see if they have any 'related' friends on CS etc.
|
