Logged into ebay last night, noticed an auction for 30 sony phones - i've only ever sold one phone on ebay. Went into my seller account, noticed an increase of fees +£53. Most startled, contacted ebay and had listing terminated, and fees returned. No bids on other items or sales or purchases made other than the above.

Today got a letter supposedly from paypal saying (given below) Hacker must be very tech savvy but not very well english spoken or written. I do feel somewhat violated and am quite angry for his experience. I have yet to figure out HOW it was done?????

---------------------------------------------------------------------
Subject: Your account had hijacked
From: "PayPal" <hid@paypal.com>
Security Center Advisory!
We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address and we have reasons to belive that your account was hijacked by a third party without your authorization. If you recently accessed your account while traveling, the unusual log in attempts may have been initiated by you.

If you are the rightful holder of the account you must click the link below in 24 hours after you receive this mail and then complete all steps from the following page as we try to verify your identity.

Click here to verify your account

If you choose to ignore our request, you leave us no choise but to temporaly suspend or deleted your account.

Thank you for using PayPal! The PayPal Team
--------------------------------------------------------------------

Apart from feeling violated, with my personal information compromised, I am at a loss to understand how this came to pass.

1)I have the latests antivirus, firewall, popblocker, anti spyware software
2)I have sent countless spoof emails to paypal and ebay over the years. I can spot them, like the one above, easily.
3)I use ebay toolbar to prevent phishing.
4)Noone else has ever used my ebay details except for yesterday.

The above is just a blatant attempt to gain my paypal information. But it is accompanied with a direct compromise of a false listing for 30 sony phones, im very lucky to have caught within 2 hrs of their listing.

Now that my security has been compromised, and I do consider myself a savvy pc user (Building pc's is my hobby ) - I am at a loss to figure out how it was done and what measures can be taken to prevent this occuring in the future?

Any advice gratefully appreciated.

Thanks

If you choose to ignore our request, you leave us no choise but to temporaly suspend or deleted your account.


I think even Paypal would spell check their emails. :)

How strong was your password?
Have you changed your other passwords to things like your email, paypal online banking etc?

Jezmond - quite strong password, mix of numbers and words, uncommon

"How strong was your password?
Have you changed your other passwords to things like your email, paypal online banking etc?"

YES thanks, took me 2 hours, but that is done now.

i came online today to discover 14 chanel bags being sold by me apparently on ebay!

Now that my security has been compromised, and I do consider myself a savvy pc user (Building pc's is my hobby ) - I am at a loss to figure out how it was done and what measures can be taken to prevent this occuring in the future? Judging by the number of other threads on here, you need to seriously consider whether you have a keylogger on your system - run all the appropriate tools to make sure you are clear. Sound like you have probably got some spyware somewhere on there.

Somebody hacked my account and tried to sell over 100 channel bags and sun glasses!!
What is going on with ebay security?

Paul Caygill - thanks for that observation. Ruling out traditional hacking methods, the chances of a keylogger are high. How it may have come to be on my system which is passworded and only ever used for business, i am at a loss to know.

Can anyone reccomend a good anti keylogger program?

Any other advice appreciated.

thanks

i came online today to discover 14 chanel bags being sold by me apparently on ebay!

This has also happened to me this afternoon! :eek: 19 chanel bags in my case.

I need to sort this ASAP so I'm not charged fees!

SOunds to me like ebay security has either lapsed today or been challenged, its a bit funny this happening to all of us on the same day. Unfortunately someone clicked the buy it now link and has bought a chanel bag already, he was obviously concerned when I emailed him to say its either an ebay administration error or a scammer as he'd just spent £50.

I'm currently running that SUPERantispyware program recommended on another thread and so far it has found 6 trojans/virus! :eek:

Can I assume if I cancel all the listings now [to save some poor sod sending off a payment] that I can still use the Live Help function tomorrow with Ebay to get things sorted?

EDIT

Decided to cancel all the listings anyway. Not happy about this whole situation :oh-hum:

The login for eBay uses an HTTPS link, so we can rule out any network sniffing (wireless or wired).

Maybe there is a site explioting the Microsoft Vector Graphics Rendering Library buffer overflow? I'd be very suprised if there has been any problem with eBay's security, since it would be all over the internet in no time.

It seems likely that there has just been a sudden increase in the use of recent exploiting in Windows XP, leading to many PCs being infected.

I'd suggest making sure that XP is up-to-date (the vunerability I mention above is so serious Microsoft have released the patch early). I'd then thoroughly scan any affected system with AV packages and a couple of AntiSpyware packages (see Computing Forum for suggestions). Ideally I'd reformat a system to be 100% sure.

My account was also hacked.
Just used the software SUPERantispyware..

Found 641 cookie tracking programs!

Tink that explains how my account go hacked :)

Thanks to whoever suggested the program

Getting a little paranoid perhaps, I am checking ebay everyday from now on for a while to see no further breaches are made.

Assuming we are all reasonably secure and tech savvy, the only way i can think of for which a large number of us are being hit and approximately at the same time with the same type of fictictious sales - is with DELIBERATE INTENT. I propose the DVDforums is found by hackers as a fertile ground upon which to hack knowing a large number of small traders with ebay accounts frequent these pages and it is PROFITABLE for them to hack us. The methods listed below (pls feel free to add) are a few possibilities:

1) Clicking on emails
2) Phishing
3) Trojans
4) Keyloggers

Given the large number of people on the dvd forums targetted my working hypothesis is to ask a question:

How difficult would it be for a determined hacker to propose a bargain on the bargains section of dvdforums and link it directly TO or go VIA a site which reads the ip address and sends the trojan/keylogger/virus AS well as redirecting the clicked link to the bargain site?

If we as a community are being deliberately targetted for such a scheme it ought to be brought to the attention of the dvdforums organisers and (any) prevention measures taken.

If I'm wrong, im pleased to be so, but if im right, then i fear the rules of the game have changed for the worse and the IDENTITY THEFT of every one of us, potentially, may be at stake.

I welcome your comments.

Further if anyone would like to volunteer a list of musts, measures for prevention of such hacking, feel free. Perhaps this thread may become useful for those who havent beefed up their personal online security yet.

Found 641 cookie tracking programs!

Tink that explains how my account go hacked :)


Cookies can't be used to find your email password, so you haven't found the cause yet.

How difficult would it be for a determined hacker to propose a bargain on the bargains section of dvdforums and link it directly TO or go VIA a site which reads the ip address and sends the trojan/keylogger/virus AS well as redirecting the clicked link to the bargain site?

If we as a community are being deliberately targetted for such a scheme it ought to be brought to the attention of the dvdforums organisers and (any) prevention measures taken.

If I'm wrong, im pleased to be so, but if im right, then i fear the rules of the game have changed for the worse and the IDENTITY THEFT of every one of us, potentially, may be at stake.

You are being overly paranoid ;)

You can't just be sent a virus/keylogger if somebody knows your IP address. What is possible is that a website can use a vunerability in Windows XP/Internet Explorer to install an application without your knowledge. I'd be interested to know how many of you that have been affected are using Internet Explorer.

As I pointed out in my last post there is a critical vunerability which is currently being exploited, although up-to-date virus checkers (NOD32 definitely works) will counter this threat. A update from Microsoft has now been released as well, so check Windows Update.

I think a concerted effort to target the DVDForums is unlikely since there are enough techy people here to notice if links are being posted which include viruses etc.

I'd make sure you've not fallen for a Phish.

I'm a computer user of 15 years, web user of 12. Consider myself to be 'guru' like. However, fell for my first phish a couple of weeks ago.

The thing is theyre getting more and more legit looking. I only twigged when it logged me into the US ebay.

Was about time I got caught, needed to change my passwords really.

As rightly said, cookies aint the cause of these problems. The only 'real' way your account can become hijacked is if:

- You get phished.
- You're being keylogged.

I'd be interested to know how many of you that have been affected are using Internet Explorer

I'm using IE, but definitely up to date as regards Windoze [although one of those updates was just last night - after the event :thinking: ]

Just got an email from them saying they think my account has been compromised and I have to change my login password - again! :brickwall [I did this myself last night but they changed it again!]

Also discovered that my account had been tranferred to a business type from personal - changed back again OK just now.

Not so sure about the DVDForums being targeted theory. If you do a 'google' this seems to be an ongoing problem [I entered 'Chanel handbags' as a listing item as well in the search] going back throughout the year....

Using Internet Explorer and XP but service pack 2 woudln't install when I tried it a couple of years ago, might be time to try again! Run spybot search and destroy last night, all that came up were 5 DSO Exploit entries, but my spybot crashes at the making a reference point stage. WIll try this superspyware prog that someone has recommended perhaps if thats the best one. (Also have spyware Doctor on my pc, just have to reinstall it)

For reference, the email address given out for paypalling to the buyer of my bag was a combination of ds and s's followed by some numbers @hotmail.com, be interested to find out whether the other chanel victims have the same hotmail details given out.

As already said above, how many are using IE. I would advise using Firefox for a start as IE is so full of holes. Also (and im sure you wont say) how many have legit XP running that can be updated and how many have a "copy" that wont update due to invalid Key.
Best bet is to have a Linux install to use for all banking and ebaying stuff as its going to be alot more secure.

The guy with 641 cookies. I doubt this was the problem. Tracking cookies are normaly harmless and just slow down surfing a bit (i think)

Did anyone get to the bottom of this? I've had the same thing happened and I'm completely baffled as to how.....

I consider myself very careful about security, all PC's virus/spyware protected and a hardware firewall....

Happened to me as well on 27/10

not responded to any email for passwords etc, also checked all systems I have used for spyware / keyloggers and found nothing :(

Happened to me as well on 27/10

not responded to any email for passwords etc, also checked all systems I have used for spyware / keyloggers and found nothing :(

And me too on the 20/11 and I don't use IE...

This is bizarre..... how is it happening then?

I can only think of 2 ways -

Someone has hacked a forum and you've used the same username on password on there as with ebay.

or

They've brute force cracked the password

My Account was hacked today :(

Has i never gave ebay my DOB and stuff i've had to Mail them about my password anyone know how long this will take to get sorted?

My Account was hacked today :(

Has i never gave ebay my DOB and stuff i've had to Mail them about my password anyone know how long this will take to get sorted?

Same thing happened to me last year (pretty much exactly the same as happened to the other cases cited here). eBay were all over it within a couple of hours. By the following day all 80-odd listings (for Chanel sunglasses) had been removed and all but £1.24 of the fees had been refunded. I then spent 6 weeks chasing them to refund the £1.24 :oh-hum:

I'll die happy if I can avoid seeing further emails from off-shored customer services that start "Hi! I'm Randy! It's my pleasure to serve you today!"

Moving to eBay Forum

I'll die happy if I can avoid seeing further emails from off-shored customer services that start "Hi! I'm Randy! It's my pleasure to serve you today!"

are you sure that was ebay you were talking to:n0rty:

Just saw this today.. My account was hacked on the 31st March. It was whilst I was on holiday at my parents and hadn't checked my e-mails. When I logged on a few days later I found an Ebay e-mail saying that they've changed my password as a third party accessed my account.

Sure enough after I got the password reset to get back in, someone had used my account to bid and win £8,000 worth of stuff comprising mobiles, XBoxes and PSPs from Ebay.de They even changed my the e-mail details so that I wouldn't notice. All the sellers for the items were contacted by the 'hackers' and pretended that it was all for 'my son' in Nigeria. They even got one seller to send a PSP in advance and when they receive it they promised a wire transfer to their bank account - poor guy. I'm still trying to sort this out with the sellers but trying to explain in German is hard if you don't speak any! Some have filed non paying strikes and some have left me neg feedback but I'm getting Ebay to remove them as they come.

I had a 5 letter password previously and sure enough I've changed this to a letter-number combo with nearly 20 chars! I've done spyware scans and can't find anything so who knows how this happened! Ebay security systems compromised?

I doubt it's brute force or dictionary hacks, eBay's system would surely lock you out after a certain number of wrong guesses.

I suspect there's a lot of hijacks caused by people using the same login and password across different sites, which often have poor security.

But as said elsewhere, I think most are probably from keylogger trojans.

They even changed my the e-mail details so that I wouldn't notice.
It's really that eBay don't email the old address to say that the details have been changed. It'd be so easy to implement and would massively cut down the amount of time available for fraudsters to use a hacked account.

Well this happened to me last night and a nightmare it was. Can someone help me establish the best software to use to see if I have a key logger please?

Happened to me last night and had the good old Chanel sunglasses listed.
E-bay e-mailed to say they had cancelled the listings, but to reset my password by entering my personal details, but it appears they have been changed also as the system will not accept my details.

Do I just fire a mail back to e-bay (what's the best address to mail them on) asking them to reset my account?

Had my account hijacked this morning - first I knew, eBay sent me a message saying that I had had a request for password reset, and to please "click here" to carry it out.

Thing is - it wasn't a phishing email; I logged into eBay and saw the message there in my inbox.

I ignored it, since I didn't actually request one and assumed that eBay's security would be enough.

15 minutes later, I have 10 copies of emails the **** had sent (IP = Nigeria) to various people asking to buy laptops off them, from "outside" of the eBay auction. He detailed my direct contact email address too, in the questions to the sellers.

No idea how he managed this - I have since reset my password and secret question but am currently checking for keylogging...other than that I have no idea how they'd get into my account :(

ebay backdoor http://www.theregister.com/2007/02/20/ebay_conspiracy/

Thinking about it, it may be more likely that they got access to my hotmail account somehow considering that they were inviting people to reply directly to that address.

I've changed all passwords...eBay have replied with their standard guff.

What were your old passwords, anything easy or related to your personal information.?

Nope. I work in IT and deal with compromised servers most weeks so I'm fairly sensible when it comes to picking strong, unrelated passwords. Damned if I know how they did it.

It's been interesting getting replies from the people that the Nigerian contacted through my account though. One said "no" but the others were more than happy for him/me to pay via PayPal outside of the auction. I'd love to know how he planned to actually get the laptop(s) without paying...unless he'd also managed to nab someone else's PayPal account.

One of the latest scams to acquire your details involves taking your details off rouge forums you have signed up to and trying lots of different vendors online like Ebay etc etc

You would be surprised how many people use the same email address and password for everything we have had issues on a game called Guild Wars with this issue and always let any members know who sign up to our forum not to use the same details

My girlfriend's account got hacked today.

I changed the password immediately, informed eBay, the listing (a motorcycle) was removed.

Now... I can't get into the account to double-check things are OK, the password was 'reset' to an old one (as was the secret question.) Great.

I am awaiting eBay's response from their password@ address. All because some little ******* cocky ****** ******* decided they wanted to scam someone else. The way eBay deals with this needs to be sorted out.

EDIT : All sorted now, but they don't make it easy, sorting it out I mean. After all, some scroat causes all this hassle and you are the one who is left with the clean-up.

I got hijacked my ebay account before some guy sold a 10 000$ watch . Ebay refunded all the fees and removed negative feedback received from buyer . The most important thing to do to avoid this is to always check that the URL bar in your internet browser is on an ebay website .