posted on October 22, 2003 08:18:18 AM new
Hi all -
Just wanted to pass on what happened to me yesterday, and to praise (surprise surprise) Ebay support. I listed some auctions yesterday morning, then went about my day. I tried to log into My Ebay yesterday evening, and it said that my password was incorrect. I had also received an email stating that my email address had been changed, which it hadn't.
Right away warning flags were raised, and sure enough, someone had hijacked my account to list an auction for a motorcycle, which had already been bid up to $2025.00. I immediately contacted Ebay support, and I'd say within 5 minutes the auction was eliminated and my email address restored. No joke! Couldn't believe it. I then got onto the Live Chat helpline and a representative walked me through the whole process of getting control of my account again, changing the password, and moving on. Even though they had restored my email address to the account, the new password that the hijacker had put in remained, so I had to get a temporary password from Ebay before I could make everything secure once again. It was a hectic 2 hrs, but things worked out in the end. I was totally impressed with the support that Ebay provided.
I was informed that there are basically 3 ways someone can hijack your account:
1) You respond to one of the countless fraud spam emails (I hadn't)
2) You have an unimaginative password, and it can be guessed without much trouble (this is where I WAS guilty)
3) Virus (a keystroke logger) resides on your PC and periodically sends info about you out to an anonymous person. Defeated by running anti-virus software and a firewall (which I do)
posted on October 22, 2003 08:24:58 AM new2) You have an unimaginative password, and it can be guessed without much trouble (this is where I WAS guilty)
You have my respect for admitting this. 99% of the people who post here about their eBay account being hijacked are all innocence about how it might have happened.
Making the world a more decorative place, one eBay bidder at a time.
posted on October 22, 2003 10:26:43 AM new
Thanks Fluffy Yep, just got lazy...keeping an "easy" password for 4 years. Guaranteed that won't happen again.
I thought I'd post my ordeal so others can avoid this EASILY avoidable situation.
"Who's tending the bar? Sniping works up a thirst"
posted on October 22, 2003 11:26:58 AM new
Here are a few more hints about password protection you won't hear elsewhere.
First, remember that most servers are Unix-based. Unixes (variants of Unix) don't look at anything beyond the first eight letters of your password.
In other words, you could type in:
vendiouser
as your password and all the system would go on would be "vendious".
So try to avoid passwords in which the first eight letters are a real word or the first part of a real word. (Not that vendious is a real word.)
I once used "mozzarellA" as a password and it was cracked. "m0zzare11a" would have been a better choice.
I used to work with a young Unix admin whose name was Hal T. N*****. (masked to protect the guilty). He was an impatient type and not too wise about his password, either, which was "haltn*****".
Anyway, one day Hal was trying to fix something on a server that was up and running, and had about 100 users. The machine wasn't responding as quickly as he liked, so he was typing his commands and hitting a return without waiting for keystrokes to be echoed.
You may have guessed it: at a root prompt, he typed his password, the first four letters of which were "halt". That'll stop a machine dead in its tracks.
You think you feel silly. He had to explain to our manager and group that he had a very easily guessable password.
--
Making the world a more decorative place, one eBay bidder at a time.
posted on October 22, 2003 01:39:13 PM new
Hi, I read somewhere that the most common password, is actually the word password.
Reenie
I don't get even....I get even better Jimmy Hoffa
Yep, just got lazy...keeping an "easy" password for 4 years. Guaranteed that won't happen again.
Sniping works up a thirst"