posted on August 14, 2003 08:31:42 PM new
Today while looking at "My eBay" I noticed a bid placed on something I didn't bid on. Not only did I not bid on it...but it is for a collectible from a European seller and my proxy bid is over $2,000!!!
I pulled up the auction and sure enough there's my user id as the high bidder. The auction ends in a few days.
This blows my mind. How on earth did someone get my password? And why on earth would they use it to bid on something? How would anyone benefit from this?
I immediately contacted eBay to change my password. Unfortunately, once I did that they voided my old password and I haven't been sent a new one, so I can't access any of my info.
Anyway, this whole thing sends a chill up my spine. Has this happened to anyone else? [Not the chill, but the stolen id]
posted on August 14, 2003 08:50:36 PM new
Unfortunately, it is pretty common...
If ebay changed your password, you should have received an email within minutes with a temp password. If you didn't get it, they thief probably changed your email addy as well. You'll need to chat with ebay's Live Help during the day to get this resolved.
posted on August 14, 2003 09:05:47 PM newI pulled up the auction and sure enough there's my user id as the high bidder. The auction ends in a few days.
How on earth did someone get mypassword? And why on earth would they use it to bid on something? How would anyone benefit from this
First thing I would ask is did you click on a link that claimed it was from ebay or paypal? Think hard and long on this. I have seen so many people on these boards claim that their account was hijacked and they have no idea how this happened.
Very few have had their accounts stolen, they gave the scammers their password and user I.D. when they clicked on the phoney links sent to them via email.
As far as to what is the benefit to someone using your I.D, its simple, when they get the seller to sent the goods and then pull a chargeback or it turns out to be a stolen C.C. you will wind up with all the headaches as the seller will think that you screwed them over.
With your I.D. a scam artist could also use it to steal money from bidders when they do not ship anything and once again you will wind up with the headaches.
posted on August 14, 2003 09:17:36 PM new
this may be unrelated but it is worth mentioning-
there are some sellers who have high feedback and /or interesting user id which helps them sell in the category they sell,when they change their user id ,their old id can be used by anyone after 30 days and i have seen someone just snapped up their id 30 days later.
for example,if i am a successful,popular seller with high feedback as MICKEYMOUSE and i have sold many mickey mouse items,i decide it is getting kind of old and i changed my user id to DONALDDUCK.30 days later,someone either register with ebay as MICKEYMOUSE or just shed their old id and call themselves MICKEYMOUSE.
It is kind of spooky that someone is trailing you!!
-sig file -------They may have ginsu knife,but we have DING KING!!!!
posted on August 14, 2003 10:15:13 PM new
I'm cautious and have never fallen for one of those scam eBay/Paypal messages. So this can't be the way the scammer got my password and noone shares my computer.
I did hear back right away from eBay, letting me know that a new password was generated and I'll get it in 24 hours. Doesn't help me now. I had auctions end today and can't notify any of the buyers.
posted on August 14, 2003 10:34:17 PM new
I've read several books on hackers and it's amazing how they can figure out a password. If your Bob from Austin, Texas then the hacker will try your town, state, address, common nicknames, etc. If you post on message boards with your ebay ID the hacker can possibly learn a lot of other info that may help in a password attempt. Hackers also have 'password toolboxes' which are common passwords in a software package and this software attempts to enter your pasword on a site like ebay.
I know that Yahoo Auctions only allows four attempts at the password then shuts down the account for 24 hours. I'm not sure how many attempts ebay allows.
-------------- sig file ----------- He who angers you controls you
posted on August 15, 2003 06:36:53 AM new
I've had my PC hacked into a year ago, and there is no way to even describe the feeling of "cyber rape". I went thorugh the process of contacting EVERY financial institution I could think of including the credit reporting agencies (now there's a special red flag on my credit reoprts for the next 7 years-but still). If you've got a Pay Pal account, let them know what's going on.
I'd also consider letting your auctions all close and don't list anymore. Create a new ebay, Pay Pal and other accounts and close all the others if at all possible. I don't understand why ebay didn't suggest this, but under circumstances like this, they're pretty useless anyway.
You should be able to contact your buyers "the long way around" buy clicking on the closed auction and then their user ID (even if the auctions aren't closed). I'm sure I'm late with this reply but if there's anything here that may be of help, then my job here is done.
Best of Luck, I know these things take a little time to get over. BELIEVE ME! I've been there.
Laura
posted on August 15, 2003 05:11:34 PM new
Hi everyone.
I thought I'd give an update.
After not receiving a temporary password via email from eBay, I contacted their Live Help and discovered they had no record of my request (even though they sent me an email confirming my request.) Anyway, I was able to change my password.
As for the bid retraction, that's another headache. The options for retracting are: a. I bid wrong amount b. Seller changed info. and c. Seller unreachable. So....I have to have it on my record that I placed a large bid in the wrong amount. Great.
I'm still puzzled about how the hacker would benefit from placing this bid. If I was the winner when the auction ended, the seller would only have my contact information, right? How would the hacker somehow get involved?
posted on August 15, 2003 05:49:54 PM new
Here's an idea I push once in a while when someone upgrades their computer.
Keep the old one! Most people want the shiny new box to do all their work
but do you really need to? Surf the web, do your listings, and e-mail from the
new box since it's faster. But leave all the apps you use to run your daily life
on the old box.
Do your banking, Paypal stuff, bill payments, and anything you don't want
the whole world to know about on your old machine. When you really need
to, just Login - do your business on the old machine and log back out. Your
MS Money, Taxes, spreadsheets, and bookkeeping all gets done on the old
machine.
You can buy a pair of network cards and network the two machines together
if you really want to. The separation of info helps if you ever do get hacked
since only one part of your data is on either machine and directly available to
the Internet. Of course a experienced hacker can get to the second machine
through the network but it's less likely.
Firewalls, get one. Try Tucows and do a search. Try Sygate! Or try the one
everybody raved about last year or last month. One thought though. Don't
everybody go out and get the same firewall. That's one of the reasons Windows
is so vulnerable. It's so plentiful it's a easy target. If everyone ran Mac's then
the Mac's would have more vulnerabilities. The mix helps.
Got a CD writer, Zip Drive, or maybe a memory card reader for your camera?
Store any private data there. When you're online keep the private data storage
media out of the device and up on the shelf. Or use a floppy if need be.
Also, when you ,make up a new password - Make It Tough. Take something
like a word or short phrase. Pick a word that means nothing to you or anybody
who might know you. Randomly capitalize two or three letters. Add a number
on one end and another somewhere. MaKe1tTuff2FiguRe, get the idea?
If you feel you'll need to write it down or you'll never remember it then you're
probably on the right track.
While I'm at it I'll say one more thing about Windows PCs. Defrag! Backup then
Defrag! If your machine balks at defrag then run scandisk. Now Defrag. If you can't
seem to get defrag to run in a reasonable amount of time or it halts due to "too
many restarts" run it from "Safe Mode". Once you have a good backup and have
ran defrag run scandisk again. And once a month do a backup then scandisk and
defrag.
posted on August 15, 2003 05:56:36 PM new
As far as why would a hacker or anyone want to use your account to bid on something?
So he can buy it with a stolen credit card, forged cashiers check or some other scam
then disappear. They then sell the item for a profit because they never had any cash of
their own tied up and they had it shipped to a "drop" location that can't be traced to them
(maybe your own front porch even. Before you got home).
posted on August 15, 2003 06:50:10 PM new
You will deny this, naturally, but I'll bet your password was guessable.
AFAIK, eBay doesn't run any "crack" software. That's a program that checks passwords in a number of different common ways and when it spots an easily-guessable one, alerts an admin.
You wouldn't BELIEVE how many people use as a password:
Their eBay ID
Their eBay ID backwards
"password"
"ebaypassword"
"mypassword"
My mother was visiting me once and I was trying to help her with her computer problem. We called her ISP but they wouldn't assist unless we could give them her password (and she didn't recall it). It took me 10 seconds of thinking to guess it correctly.
A lot of people are no more sophisticated than my mother.
Someday I'm going to sit at a library computer and spend some time guessing peoples' eBay passwords. If you try this, don't do it from your home machine.
I am not a bathtub full of brightly-colored machine tools on Vendio.
[ edited by fluffythewondercat on Aug 15, 2003 06:51 PM ]
posted on August 15, 2003 09:02:22 PM new
Adding what jnash said, when you upgrade that hard drive to a larger one, don't be too quick to sell the old one at a yard sale or the flea market until you're SURE all the data is removed. Deletion and high level formatting won't do it. That data can be recovered in very short order. Use a utility such as Norton to do a secure erase. If you can download the manufacturers program for a low level format use that. A round from a .44 mag will also render the data unrecoverable as will a propane torch applied directly to the plates of the drive. You would be surprised at the amount of information that I have found on used hard drives I have purchased over the years. I once acquired a computer that had been replaced at a local convenience store. It had all the software for issuing and transmitting money orders along with a directory containing the names and passwords of the store owner and his employees who were authorized to issue money orders. One of my computers that I use regularly I obtained at an auction. It was from the county office of education and it contained the burglar alarm codes for every building they owned plus the master code that would access any of them. Needless to say, I made sure all of this info was immediately destroyed, but I often fantasise about what I could have done with that money order software if I had evil intentions.
The light at the end of the tunnel will turn out to be an oncoming train.
posted on August 15, 2003 09:22:34 PM new
Hee Hee. I love finding used hard drives. Always something funny
or useful there. I do a lot of repairs and many of those involve "bad
hard drives". I usually give the person back their machine with a
new hard drive containing most of what was on the old "broken"
drive. They think it's great I can do that.
Back in Feb. I recovered all a companies tax info along with the
tax stuff the bookkeeper had done for friends and family members.
They were happy. Very happy to get that back. And then there was
a CD full of family pics and jobsite photos I'd recovered also. They
hadn't even considered they might get those back.
posted on August 15, 2003 09:38:42 PM new
And if they use Quicken or Quick Books and leave it on the drive, you will know more about them than their mothers do.
The light at the end of the tunnel will turn out to be an oncoming train.
