My ebay account was hacked

Mazeroth
Mazeroth Posts: 1,585
edited April 2 in Clubhouse Archives
I got home from dinner and checked my e-mail. I had 9 responses from ebay members about auctions for Mustangs. I was a bit baffled and checked MyEbay and checked the Sent Messages section. Every message sent out said this:

This is exactly what I`m looking for. I have all the necessary funds available. What type of payment method do you accept? Please reply me at francisbobby75@aol.com . I`m looking to close a deal soon, so a quick reply will be welcomed. Looking forward to hear from you...

I changed my password immediately, contacted all the sellers and let them know my account was hacked and also e-mailed ebay (I love how they don't have a phone number listed!) and let them know my account was hacked. I have NO freaking idea how this happened, as my password is ridiculously difficult.

I'll keep you guys posted.
Post edited by RyanC_Masimo on

Comments

  • schwarcw
    schwarcw Posts: 7,338
    edited August 2006
    Yikes! Sorry to hear this happened. Keep us informed and let us know how eBay is helping you with this mess.
    Carl

  • audiobliss
    audiobliss Posts: 12,518
    edited August 2006
    Wow, that's a big bummer. I hope all the sellers will calm down nicely!
    Jstas wrote: »
    Simple question. If you had a cool million bucks, what would you do with it?
    Wonder WTF happened to the rest of my money.
    In Use
    PS3, Yamaha CDR-HD1300, Plex, Amazon Fire TV Gen 2
    Pioneer Elite VSX-52, Parasound HCA-1000A
    Klipsch RF-82ii, RC-62ii, RS-42ii, RW-10d
    Epson 8700UB

    In Storage
    [Home Audio]
    Rotel RCD-02, Yamaha KX-W900U, Sony ST-S500ES, Denon DP-7F
    Pro-Ject Phono Box MKII, Parasound P/HP-850, ASL Wave 20 monoblocks
    Klipsch RF-35, RB-51ii

    [Car Audio]
    Pioneer Premier DEH-P860MP, Memphis 16-MCA3004, Boston Acoustic RC520
  • szhleppy
    szhleppy Posts: 320
    edited August 2006
    Happened to me last year...somebody tried using my account to sell a couple of Harleys.

    Ebay actually caught it and sent me an email before I had even known about it. They should act quickly since you reported it.
  • michael_w
    michael_w Posts: 2,813
    edited August 2006
    Have you logged into ebay through any email links lately? Sometimes people will spoof emails to send you to a site that looks identical to the ebay site so when you try to sign in it logs your password and all you end up getting is an error message.

    Good you caught it quickly. Hope everything goes well.
  • danger boy
    danger boy Posts: 15,722
    edited August 2006
    so how much you want for that Mustang? LOL










    Ebay and AOL are probably the two most hijacked websites i know of. I've been hijacked on both before.
    PolkFest 2012, who's going>?
    Vancouver, Canada Sept 30th, 2012 - Madonna concert :cheesygrin:
  • billbillw
    billbillw Posts: 6,814
    edited August 2006
    There are so many Ebay "phishing" techniques out there. I'm sure you just got caught by one of them. The latest is where you click a link inside an auction and it asks you to login. FYI: You should never have to login to see a current auction. You only need to login to see completed auctions, send messages, and of course, to bid (or sell). Have you checked to see if your account placed any bids? Hopefully not.
    For rig details, see my profile. Nothing here anymore...
  • Demiurge
    Demiurge Posts: 10,874
    edited August 2006
    Uh, WHAT THE ****!?

    Same thing has happened to me. I have 18 listings on ebay according to my email for:

    eBay Listing Confirmed: NEW 100% BRAND SILVER TIFFANY&CO Necklace/Bracelet W13 (...

    I can't log into my account as it says it's suspended (I went to eBay through Google, not through my emails) I have never had anything like this happen to me before, and I have NO idea how anyone could figure out my password as nobody but me knows it, and it's super complicated.

    This blows, I am chatting with eBay live help now to get my account back...:mad: :mad: :mad: :mad:
  • disneyjoe7
    disneyjoe7 Posts: 11,435
    edited August 2006
    Do you guys respond to email which may have been fish bait? I can't see how a complicated password has been hacked. Sorry guys I think this all sucks also.

    Speakers
    Carver Amazing Fronts
    CS400i Center
    RT800i's Rears
    Sub Paradigm Servo 15

    Electronics
    Conrad Johnson PV-5 pre-amp
    Parasound Halo A23
    Pioneer 84TXSi AVR
    Pioneer 79Avi DVD
    Sony CX400 CD changer
    Panasonic 42-PX60U Plasma
    WMC Win7 32bit HD DVR


  • Demiurge
    Demiurge Posts: 10,874
    edited August 2006
    I hardly use ebay unless I want to buy something. I've sold maybe 5 things, and the last thing I sold was back in December, and it was a big ticket item.

    As far as the emails -- I only click on the ones for items I know I am buying (bought) or selling (sold). Since I haven't bought anything there in a month I haven't been getting any emails. If I have they were deleted immediately.

    I'm not sure how else they can get into your accounts. :confused:

    In any event I got my account back tonight, and someone from eBay called me on the phone. I'm still freaked out about it because I don't get how it could have happened, and I also don't want it to happen again. So far all I did is changed the passwords on my email and my eBay account.

    Hope that works.....
  • disneyjoe7
    disneyjoe7 Posts: 11,435
    edited August 2006
    Is it possible a common password is used for various websites had been compromised....

    Just thinking out loud a little this may educate all of us.

    Speakers
    Carver Amazing Fronts
    CS400i Center
    RT800i's Rears
    Sub Paradigm Servo 15

    Electronics
    Conrad Johnson PV-5 pre-amp
    Parasound Halo A23
    Pioneer 84TXSi AVR
    Pioneer 79Avi DVD
    Sony CX400 CD changer
    Panasonic 42-PX60U Plasma
    WMC Win7 32bit HD DVR


  • MacLeod
    MacLeod Posts: 14,358
    edited August 2006
    Man this is scary!

    My Ebay account is still ok, but then again I literally never use it.

    What scares me more is thinking of somebody hacking my PayPal account!
    polkaudio sound quality competitor since 2005
    MECA SQ Rookie of the Year 06 ~ MECA State Champ 06,07,08,11 ~ MECA World Finals 2nd place 06,07,08,09
    08 Car Audio Nationals 1st ~ 07 N Georgia Nationals 1st ~ 06 Carl Casper Nationals 1st ~ USACi 05 Southeast AutumnFest 1st

    polkaudio SR6500 --- polkaudio MM1040 x2 -- Pioneer P99 -- Rockford Fosgate P1000X5D
  • disneyjoe7
    disneyjoe7 Posts: 11,435
    edited August 2006
    As of today my password will be different for PayPal and Ebay then other sites.

    BTW did you two have a common password between sites?

    Speakers
    Carver Amazing Fronts
    CS400i Center
    RT800i's Rears
    Sub Paradigm Servo 15

    Electronics
    Conrad Johnson PV-5 pre-amp
    Parasound Halo A23
    Pioneer 84TXSi AVR
    Pioneer 79Avi DVD
    Sony CX400 CD changer
    Panasonic 42-PX60U Plasma
    WMC Win7 32bit HD DVR


  • MacLeod
    MacLeod Posts: 14,358
    edited August 2006
    Just to be safe I just changed my PayPal password too. Its now twice as long as the original one so I hope I dont forget it!!
    polkaudio sound quality competitor since 2005
    MECA SQ Rookie of the Year 06 ~ MECA State Champ 06,07,08,11 ~ MECA World Finals 2nd place 06,07,08,09
    08 Car Audio Nationals 1st ~ 07 N Georgia Nationals 1st ~ 06 Carl Casper Nationals 1st ~ USACi 05 Southeast AutumnFest 1st

    polkaudio SR6500 --- polkaudio MM1040 x2 -- Pioneer P99 -- Rockford Fosgate P1000X5D
  • Demiurge
    Demiurge Posts: 10,874
    edited August 2006
    I had two different ones.
  • Mazeroth
    Mazeroth Posts: 1,585
    edited August 2006
    Wow, four days later and STILL no f*cking reply from ebay about my account getting hacked. I now know that customer service is their number one priority!

    Also, here's a good method of developing a password. Think of a sentence that you can remember easily, then take the first letter of each word and make a password out of it. For example:

    Club Polk is the greatest place on earth = cpitgpoe

    I did something like this, and took it a step further. The first two letters of the site I'm visiting, I use as numbers on a telephone. For example, for Club Polk I would take the CL, which would be 25, and thus my password becomes cpitgpoe25. Just makes it a little more difficult for the hackers. There's NO WAY in hell they're going to guess that one. Oh, and yes, I did take it one step further. I alternate between upper case and lower case. CpItGpOe25.

    And no...that's not my password...any more! :D
  • Mike682
    Mike682 Posts: 2,074
    edited August 2006
    disneyjoe7 wrote:
    Do you guys respond to email which may have been fish bait? I can't see how a complicated password has been hacked. Sorry guys I think this all sucks also.


    Just another thought: In addition to email phishing, make sure you guys don't have any keystroke/keylogging programs on your systems (spyware/malware stuff). Keyloggers can spy on your comp and someone out there can see your passwords, even when they show up as little asterisks or dots when typing them.

    It does not matter how difficult the password is if someone else can see it on the other side.

    I'm just throwing this out here.
    Receiver: harmankardon AVR235
    Mains: polk R30
    Center: polk CSi3
    Rear Surrounds: polk R20
    Subwoofer: polk PSW404
    DVD: Panasonic DVD-S29
  • disneyjoe7
    disneyjoe7 Posts: 11,435
    edited August 2006
    Some password saving software in windows or cookies?? I just don't know for sure but this totally SUCKS.

    BTW Mazeroth, I agree that is a hard password but could be harder (not by much just saying) so mine has a special character with letters and numbers.

    Speakers
    Carver Amazing Fronts
    CS400i Center
    RT800i's Rears
    Sub Paradigm Servo 15

    Electronics
    Conrad Johnson PV-5 pre-amp
    Parasound Halo A23
    Pioneer 84TXSi AVR
    Pioneer 79Avi DVD
    Sony CX400 CD changer
    Panasonic 42-PX60U Plasma
    WMC Win7 32bit HD DVR


  • michael_w
    michael_w Posts: 2,813
    edited August 2006
    I know of a way to steal passwords by only having a user click a link. They go to the site and nothing malacious happens, it might even looks like a valid site. Through some fancy code it'll log your cookie and then you can just spoof the header code in an html or php page and voila! The person can get into your account without any password.

    People are always trying to brute force the password of the admin account on my ftp server. It happens about three to ten times a day where people will work at cracking my password for an hour or more. I got fed up with it and made the password so obvious and easy that the brute force program will crack it in seconds and then they have the 'admin' password. I wrote some files to attack their computers (crash then delete everything) but none of them have actually followed up on their new found password to the server. :(

    There are tons and tons of ways people can snatch your password, the most common being phishing, keyloggers and fake login pages, so just be really careful where you go and what you do with any info.

    Good luck to those who have already succumb to the problem...