An Ebay Question?

Discussion in 'After Hours Lounge (Off Topic)' started by alan halvorson, Jul 28, 2003.

  1. alan halvorson

    alan halvorson Cinematographer

    Tonight one of our local TV stations ran a short segment that claimed that Ebay may not be as safe as you would hope. Apparently, they found some guy whose account was hijacked and had over thirty auctions running under his id that weren't his (he said he had none currently). Somehow - not explained how - this guy's password was stolen.

    I have heard of Ebay accounts being hijacked because a security hole in Ebay's implementation allowed it. How is this done? Can it be prevented? Until recently, Ebay allowed a user to log into his account using either the account's e-mail address or Ebay id, but now only the Ebay id may be used. An e-mail I received said this change was made to make Ebay more secure. Could this change have been instituted to help prevent account hijacking?

    I have never had any problems. For my part, I never use a link within an e-mail to log onto any site - I'm guessing this guy did just that, and it led him to a bogus site where they harvested his password, all without him realizing it.

    Comments?
     
  2. Chris Lockwood

    Chris Lockwood Producer

    > For my part, I never use a link within an e-mail to log onto any site - I'm guessing this guy did just that, and it led him to a bogus site where they harvested his password, all without him realizing it.

    Yeah, or maybe people used easily-guessed passwords, or somebody hacked in to where the passwords were stored.
     
  3. Devin U

    Devin U Second Unit

    One of the ways people are doing it is a fake email. You get an official-looking email from Ebay asking you to confirm your username and password. They then change the password and email address to theirs. If you get this kind of email, report it to Ebay.
     
  4. DaveGTP

    DaveGTP Cinematographer

    I got one of the faked emails from Paypal just 2 weeks ago (they bid on one of my auctions). I promptly reported it to Paypal and the userID to Ebay. The email faked a 'you got cash' email. The 'click here to see details of this transaction' link was actually a link to reset the sender's Paypal account - it would just say "Enter password to proceed" and then would ask for your email address to send your password to. The scam was easily caught by me, but I was afraid he would get someone else. I called Paypal to report, but they just tried to walk me through the webform to file a complaint. I also dug up Ebay's phone # and called to alert them to the scam, but they just asked me to file a fraud form. From the mix of positives and negatives in his feedback, (like 7+ and 15-), he probably succeeded at least in getting merchandise from some people.

    All I got from Paypal was something to the effect of "That indeed was a fake email. If you put in information, immediately login and change your password. We will look into it". I haven't heard back from either Ebay or Paypal that his account has been canceled.


    Edit: I went back and looked up his account. Looks like it has been shut down. He had his feedback set to private so that you can't view the comments. I don't think that Ebay should allow that, frankly.

    I think most Ebay security problems are created more like that (getting people's passwords through shady tactics).
     
  5. Danny R

    Danny R Supporting Actor

    I think Patrick Sun has had problems with people stealing his Ebay account a few times.
     
  6. Patrick Sun

    Patrick Sun Moderator

    Yeah, and it seemed to take around 2 months to clear things up with Ebay. It's quite a nuisance.
     
  7. alan halvorson

    alan halvorson Cinematographer

    Patrick: Do you have any idea how your account was hijacked?
     
  8. Patrick Sun

    Patrick Sun Moderator

    Nope. Not at all.

    My gut feeling is that some of these creeps have found a backdoor super-user account on Ebay and hack into user accounts with spotless feedback records, and then abuse those users by hijacking their accounts.
     
