My eBay account got compromised
Yes, it can happen to you. It happened to me over the weekend. I got a bit suspicious as I was taking my family back to the airport and some strange emails started showing up in my inbox. Questions from some folks in Hong Kong about shipping an “unlocked” iPhone to Russia. Huh?
So my Spidey sense was tingling by the time I got to the house and I received maybe 3 or 4 of these strange messages. I headed right to Incite Central to log into my eBay account and see what the hell was going on.
Ruh oh. It was already locked. That’s when I got a message from the fine folks at eBay saying my account had been compromised as someone was using it to send bad emails to other eBay members. They also mentioned that the account was not used to list or bid on other items, just the email issue. There were instructions on how to “reclaim” my account.
I went through the process, which was through an online chat. The folks verified my identity (and the address I had on file was at least 10 years out of date, uh!) and reset my password. Then I had to change my account information, but the account was still locked. So I went through the process again, and after another identity verification, I was able to update my information.
Then my personal containment plan went into effect. I promptly changed the passwords to any account listed in eBay. It turned out to only be one email account, but I changed a bunch of other accounts – just in case. I figured better that than having a full-on breach.
What happened to start this mess? A weak password. Pure and simple. I had set up my eBay account before I got strong password religion (and 1Password to manage them).
This was a low-cost reminder for me of the importance of constant vigilance. I hadn’t updated my eBay info in 10 years and I used a terribly weak password. I got lucky. It could have been much worse.
Hats off to the eBay folks, who figured things out even before I did (and it didn’t take me long). Their system was proactive and straightforward to reclaim my identity. Any online provider can and should learn from this.
But the final lesson is yours. Check your stuff. Stay alert and use strong passwords. Remember it can happen to anyone. Even you.
Photo: "eBay Live 2005" originally uploaded by Jochen Siegle/TechShowNetwork


Tom,
Great point about the PayPal/eBay Security Key, which is basically a token-based authentication scheme. Funny thing is I got one as a review unit and never set it up because I don't use either eBay or PayPal enough and figure the strong passwords I use for PayPal are good enough. But for those folks that use either eBay or PayPal a lot, using the token is a good idea.
Mike,
Is there a comparable Windows application to 1Password?
Thanks...
Once you get used to the setup, it becomes a necessity. Each passcode doubles as a link back to its site. Never do you have to remember your passcodes and you can always back them up both locally and online in case of a PC crash. Siber Systems is great with free updates and fixes. And they never stick you with an "upgrade" fee. In the end RoboForm is just one of the best time-savers that you can install on your PC.
About Daren: I have 10+ years as a Security Engineer recruiter for the Info-sec vendor industry. I am happy to read that our host is happily employed within the industry again.