EcommerceBytes Letters to the Editor Letters to the Editor
Your emails to EcommerceBytes
For consideration, send your email to ina@auctionbytes.com with "Letters to the Editor Blog" in the subject line! Remember to include your name as you would like it to appear in the blog.
Tue Sept 23 2014 16:29:41

Beware of Account Takeovers

By: Reader

Sponsored Link

Dear Ina,
Final straw with eBay... my account was hacked tonight by somebody or something. On 09/22/2014 at 10:25pm, I received an email from eBay that they were confirming that I had changed my user ID, and showed what the new ID was. Since I had NOT changed my user ID, I tried logging onto my account, and sure enough, my ID had been changed. I had to log in with my email address instead of my user ID.

Thankfully, whomever, or whatever that changed my user ID had NOT changed my password or the email address that is linked to my account. I immediately changed my password to something else, and then tried to change my user ID back to what it was originally, but received a message that I would have to wait 30 days to change it. I then called eBay Customer Service and told them what happened.

Luckily, the service rep. that took my call was very knowledgeable and pleasant. He performed several security checks to confirm that I was whom I said I was and to verify that the account was mine. He then checked my account to see if any changes had been made and found that only the user ID had been changed. He was able to change it back to what it was supposed to be, but I still now have an icon next to my user ID that says I have changed it.

Even though my account now appears to be "fixed," I am very, very leery of doing anything with it. I made one sale tonight. I am going to package it and get it ready to be shipped, and then I am pulling the rest of my items off the account. I only have a few there as I am now using other venues as my main selling points, but until this whole period of hacking and glitches passes, I am not going to feel safe using the site. So I think it will be best to take an extended vacation from eBay for awhile until the glitches and hackings blow over.
Bob




Comments (25) | Permalink

Readers Comments

Beware of Account Takeovers   Beware of Account Takeovers

This user has validated their user name. by: iheartjacksparrow

Tue Sep 23 17:05:58 2014

@Bob - Sorry to hear of your account problems. It's somewhat surprising that more people haven't reported this same experience on HackBay.

Beware of Account Takeovers   Beware of Account Takeovers

by: NetWatch This user has validated their user name.
Web Site

Tue Sep 23 21:00:51 2014

@iheartjacksparrow, for all we know this may be the tip of the iceberg...

Beware of Account Takeovers   Beware of Account Takeovers

This user has validated their user name. by: Ric

Tue Sep 23 22:58:23 2014

@ Bob... Sorry that you had to go through that experience.

I agree that there will likely be many more sellers having this same experience in the weeks and months after the hack.

Sadly, eBay has done nothing to add an additional layer of security to prevent this kind of incident from occurring.

Unfortunately for every seller on eBay, the company pinches pennies and as a result of protecting revenue so it can be reported to Wall Street, eBay is reactive instead of proactive.

Typically for eBay, it will likely take a hundred or a thousand sellers going through the same situation before eBay does anything to protect seller accounts from being hijacked.

eBay considers sellers to be a commodity which is easily replaced, hence a few hundred or thousand inconvenienced sellers is of little or no concern to the multi millionaires running the company into the ground.

Beware of Account Takeovers   Beware of Account Takeovers

by: OnlyPollyPocket This user has validated their user name.
Web Site

Wed Sep 24 00:16:53 2014

Sorry this happened to you, Bob, glad you were able to get it addressed promptly.

However, your reluctance to further trust this site is certainly understandable and, in view of their recent performance, smart.  Maybe taking a vacation from it will allow you to find that you can do well on other venues.

Best of luck!

Beware of Account Takeovers   Beware of Account Takeovers

This user has validated their user name. by: Marie

Wed Sep 24 01:57:07 2014

@netwatch
And for all we know it may not be too.

Account takeovers have happened on and off throughout Ebay history.  It is something we all need to make sure we keep a watchful eye out for.

The OP did an EXCELLENT job in handling theirs.  Job well done.

I've know others over the years that have had a similar thing happen, some more serious, but all recovered in short order.  It is a scary thing, there is no doubt.

It could be that Ebay somehow let them in.  It might be the OP used a wireless connection sometime to access their account and the info was stolen then.  It could be many different factors and chances are we will never know what caused it.

Beware of Account Takeovers   Beware of Account Takeovers

This user has validated their user name. by: iheartjacksparrow

Wed Sep 24 10:39:45 2014

Marie states: "It could be many different factors and chances are we will never know what caused it."

True, but just like in a criminal investigation, we can look at the known facts and make some conclusions:

We know that eBay has been hacked at least twice recently. We know that the site is one, giant glitch. We know that the site has major security flaws. And we definitely know that eBay doesn't care whether or not, or how badly, their sellers are impacted. Therefore, chances are there it wasn't the OP using his cellphone, but eBay's ineptitude that resulted in the attempted account takeover.  

Beware of Account Takeovers   Beware of Account Takeovers

This user has validated their user name. by: Marie

Wed Sep 24 11:11:59 2014

@jack

I understand that, but first you have to know the facts.  We don't know the facts, we only have assumptions.

Yes Ebay was hacked as are many other companies out there.  Could have Ebay handled the hack better?  Absolutely.  No doubt in my mind.  Glitches don't = security breaches.  They could of course, but it isn't a foregone conclusion.

It may not have been the OP using a mobile device to access Ebay, but it may have been.  Or it may be some visitor to the OP's home saw their log in info.  Or it may have been using the laptop on a wireless connection.  Or it may have been completely Ebay's fault.  Or it may not be any of these things and it is something else.  I don't for a fact what happened, nor does the OP, nor do you.

Beware of Account Takeovers   Beware of Account Takeovers

by: brokentoys19 This user has validated their user name.

Wed Sep 24 12:35:57 2014

blaming the victim is not, and has never been an adequate response to issues like this. Perhaps the letter writer Bob hasn't been watching the news regarding ebay's critical coding flaw, which they steadfastly refuse to correct? (arguably, since 1999, but at least since 2005 or 06)

To say that, somehow, since other companies were hacked also does not make it OK that ebay is/was hacked, or that users' security is at risk.

Read this blog AND the comments. Follow & read links provided there. There's [at least] 2 MAJOR security issues, 1 old, 1 new. The newest one being "how to hack any ebay account in 1 minute". LOL

BBC Reports on Security Flaw Gives eBay Black Eye
http://www.ecommercebytes.com/C/blog/blog.pl?/pl/2014/9/1411172
628.html


In
case the stark contrast eludes anyone, consider how quickly they changed buyer feedback name & date visibility in response to that bogus "study" which concluded that feedback/purchase history was a bug, not a feature, vs how they are handling the xss issue.

That alone adds much credence to the notion that ebay somehow generates profit from the hacking. If they didn't, it would be fixed. Simple as that.

Beware of Account Takeovers   Beware of Account Takeovers

This user has validated their user name. by: Marie

Wed Sep 24 12:51:21 2014

I am NOT blaming the victim.  GOOD GRIEF!  All I tried to explain was that we do NOT know what caused the issues.  You don't know for a FACT it was an Ebay issue.  It may be, but it may not be as well.  

It is still only a "notion" not a fact that Ebay has failed this OP.  Again the MAY have.  We do NOT know.  And THAT was my only point.

OP ~ I apologize and will bow out now.  I did not intend for this to go this direction.  I sincerely hope that things continue to improve for you.  And back to what I said before, my opinion is you did a fantastic job protecting yourself and your account.  

Beware of Account Takeovers   Beware of Account Takeovers

by: rachel This user has validated their user name.

Wed Sep 24 17:43:34 2014

You might want to read this about what ebay is doing about the hacking...even though security experts disagree with them. Allowing account to be vulnerable is just plain stupid After you read this you might see what I mean. There is always risk online but it should be prudent risk. They are risking their brand and reputation and sales for sellers and security in general. How to lose a good thing. You know how people say ebay in that condescending ton? This won't help. The bain of our existence.

http://www.forbes.com/sites/leoking/2014/09/23/ebay-
in-security-storm-with-dangerous-flaw-wide-open/

Beware of Account Takeovers   Beware of Account Takeovers

by: Casmige This user has validated their user name.

Wed Sep 24 23:29:57 2014

I use the Token validation & ID Protection thingy for both my eBay & PayPal account.

Strong 18 Letter & Number (Some CAPS Too) + an ever changing 6 Number appendage to log in each & every time??

How could that be hacked??.

Do you guys not know about this added or additional  layer of log in security??.

http://www.healthypasswords.com/content.Healthy_Pas
swords_How_to_use_a_Verisign_VIP_Token_with_Ebay.html

Beware of Account Takeovers   Beware of Account Takeovers

by: comet This user has validated their user name.

Thu Sep 25 01:42:56 2014

A long long time ago--years--I had an "Account Takeover"  when I noticed that some how I had listed--a motorcycle for sale!  

Nope!

I have several but--none for sale then or now.

I contacted ebay --I think they had Live Chat then--and was helped and the listing was removed;  PW changed etc.  

Kinda scary--what if some one had BID on this alleged bike?  what ELSE would the hacker do?  

And that was way way back before hacks were an everyday occurance and before the "stakes"  were so high--I think this was back before Paypal even.

I don't know that the OP or any of us will positively KNOW how this happened----but we WILL know to be wary of ebay BECAUSE these things CAN happen.  

OP===Where ARE you moving on to sell?   We are ALL looking for decent venues to MOVE to and would welcome any insight.  

Beware of Account Takeovers   Beware of Account Takeovers

by: JTA This user has validated their user name.

Thu Sep 25 03:28:46 2014

comet...yes, we're all looking for another venue. I've tried several that were a total disappointment. I've spoken to others who, like me, stopped listing on ebay, and are still site shopping, hoping to find something that at least looks encouraging. If we all banded together and brought our business to one site...? Imagine the overnight growth they would have! Nice thought.  

Beware of Account Takeovers   Beware of Account Takeovers

by: snickers223 This user has validated their user name.
Web Site

Thu Sep 25 07:04:57 2014

And there lye's the problem when Ebay started it was the only venue like that  but now so many have started up that sellers are all over the place ..All need to bond together at one site to make the next site work like Ebay did...but everyone has a different idea on what site is good or not so doubt it will ever happen ..and that makes JT&A comment exactly right!!

Beware of Account Takeovers   Beware of Account Takeovers

by: ellisdtripp This user has validated their user name.

Thu Sep 25 09:37:09 2014

I had a similar experience last November when someone from the UK posted about 1100 bogus auctions (New PRS guitar, $2.95 was one listing) on my eBay account, all with the notice that you should contact the seller at a particular email address (how they got an email address in a listing is beyond me, but the they did hack the account...) before bidding. Within and hour of these postings I was notified by someone browsing my listings, I contacted eBay and the listings were immediately removed. Funny thing though, my sales had been plodding along before the hack and afterwards they increased about 400% until spring when they dropped off to a moderate pace and have pretty much remained that way.

I agree about the search for another venue. I have tried several with dismal results. And Comet's idea is on the money. What is needed is a venue that has resources to promote itself the way eBay did years ago.

Beware of Account Takeovers   Beware of Account Takeovers

This user has validated their user name. by: shabbychick

Thu Sep 25 10:38:30 2014

JTA:You say: '' If we all banded together and brought our business to one site...? Imagine the overnight growth they would have! Nice thought.''

Even though I am having pretty good sales at Etsy, not everyone can sell on Etsy YET.

Therefore IMHO I urge everyone here to move your unsold Ebay listings to Bonanza once a week.  Anyone can sell anything there and it is an attractive well run site. There is nothing to lose. Keep the items on  Ebay as well if we must -- and Bonanza charges nothing to list and has an ''Import from Ebay'' feature that requires nothing but a click.
That said, my sales at Bonanza are not good. Not nearly as good as Ebay and Etsy, but like you say if we all do that  ---move our listings at least once a week AND start buying on Bonanza if possible....the miracle could happen!  
 

Beware of Account Takeovers   Beware of Account Takeovers

This user has validated their user name. by: iheartjacksparrow

Thu Sep 25 11:37:44 2014

One more time.... eCrater! There's no listing fees, a FVF only if the sale originated from a search through their home page, and you can import you eBay listings. And you can sell anything.  

Beware of Account Takeovers   Beware of Account Takeovers

by: Gina This user has validated their user name.

Thu Sep 25 12:02:25 2014

Wow!  Kinda scary having it happen so late at night!  If you hadn't still been up and at the computer......
Now, I hate eBay so much that I don't even trust PayPal because the same guy is running both!!

Beware of Account Takeovers   Beware of Account Takeovers

This user has validated their user name. by: Basset

Thu Sep 25 12:09:10 2014

@jacksparrow -

I put a few heavier weight items on ecrater this morning - adding them a few at a time.

Can you expand on the method(s) you use to promote your ecrater site?  Thanks.
Even though I sell pre-owned Google does seem to accept my attributes OK.  

Beware of Account Takeovers   Beware of Account Takeovers

This user has validated their user name. by: windsorbear

Thu Sep 25 12:44:42 2014

Well, I am the OP, and other than that annoying "recently updated ID" icon that appears next to my username, everything seems alright.  I still don't know how it happened.  I did a search on eBay for the "new" username that my account was changed to, and interestingly enough when I do a search for that user on eBay, it points back to me... I guess since in eBay's history, it shows that my account was changed over to that name, albeit briefly.  As for other venues, I am currently listing on UniSquare, WebStore, and eCrater.  No current sales on either one, though I have had sales on UniSquare in the past.  Many years ago, I used to list on Bonanza (then Bonanzle), Atomic Mall, and eBid.net.  A few sales on all three, but nothing to write home about.  I don't list on Bonanza anymore because their minimum final value fee is 50 cents.  I sell mostly low dollar items, usually priced at $1.95 and 50 cents is a big chunk out of a $1.95 item.  If they ever get away from that 50 cents minimum, I will probably list on them again!

Click to view more comments
1 2  [Next Page]


Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.