alan halvorson
Senior HTF Member
- Joined
- Oct 2, 1998
- Messages
- 2,009
Tonight one of our local tv stations ran a short segment that claimed that Ebay may not be as safe as you would hope. Apparently, they found some guy whose account was hijacked and had over thirty auctions running under his id that weren't his (he said he had none currently). Somehow - not explained how - this guys password was stolen.
I have heard of Ebay accounts being hijacked because a security hole in Ebay's implementation allowed it. How is this done? Can it be prevented? Until recently, Ebay allowed a user to log into his account using either the accounts e-mail address or Ebay id, but now only the Ebay id may be used. An e-mail I received said this change was made to make Ebay more secure. Could this change have been instituted to help prevent account hijacking?
I have never had any problems. For my part, I never use a link within an e-mail to log onto any site - I'm guessing this guy did just that, and it led him to a bogus site where they harvested his password, all without him realizing it.
Comments?
I have heard of Ebay accounts being hijacked because a security hole in Ebay's implementation allowed it. How is this done? Can it be prevented? Until recently, Ebay allowed a user to log into his account using either the accounts e-mail address or Ebay id, but now only the Ebay id may be used. An e-mail I received said this change was made to make Ebay more secure. Could this change have been instituted to help prevent account hijacking?
I have never had any problems. For my part, I never use a link within an e-mail to log onto any site - I'm guessing this guy did just that, and it led him to a bogus site where they harvested his password, all without him realizing it.
Comments?