eBay - Possible security breach

[moose1010]

http://forums.ebay.com/db2/thread.jspa?threadID=2000439492&start=0

http://forums.ebay.com/db2/thread.jspa?threadID=1000565444&tstart=0&mod=1190745265852

This morning someone using an automated process  posted detailed personal info about thousands of eBay accounts on eBay's "Trust and Safety" discussion board. The info included eBay ID, name, address, credit card #, CVV #, etc. The "Trust and Safety" board has been temporarily closed down.

There have been conflicting reports about whether the CC info is valid; some users claim yes, others say the #'s are made up. Either way, check your CC and eBay account activity closely for fraudulent use.

It's not known whether this is a direct hack of eBay's database, or if all this data was collected via phishing/account hijacking. eBay has reportedly claimed that this entire story is a hoax, but I saw the personal info, and many eBay members saved screen snapshots to document the breach.

[jamesmck]

The discussion thread there is very confusing.  Where would one check to see if his account name is affected?

[Don Day]

Yes, a lot of chatty people and too many cutesy pictures (wait, that sounds like nelsonfoto!?!?!).

This is unofficial info from one concerned watcher: http://shenemanfamily.com/comp.html . As she says, whether your name is there or not really doesn't mean anything anyway. The best advice is just to watch your CC's funding bank account for suspicious activity.

[jamesmck]

I don't appear on that list, but have changed password anyway.  Thanks.

[cenelson]

Over the last week, I've been assailed by phishing attempts... from Wachovia, BOA, eBay, etc.

All are easily determined as fraud, by my eyes at any rate, though I'm sure many have panicked first and caused themselves great trouble.

As a general rule: NEVER click a link in an e-mail from a company you do business with.

If there is a legitimate issue at hand which requires your attention, simply log into your account the way you normally do: by visiting the actual company website and logging in through their secure application.

Anything needing your attention should appear internally, in your account control panel. Just as genuine eBay notifications are shown in your MyEbay page under messages, so should most if not all other important issues appear in your other vendor accounts.

Be safe, remain calm, and think before you link. Period.

Craig

[Austintatious]

My fellow forum members,
my E bay account has not been hacked, however someone purchased a $3400.00 diamond pendant on E bay and used my Pay Pal account to pay for it!
I have taken all of the approeriate actions to stop payment and everything looks like it is going to be OK. I am just trying to understand how Ebay can let someone win a bid, and then pay for that with a different Pay pal account/screen name and so on. The same credit card was also used on my Amazon account to purchase something small.This actually happened first, no doubt to test to see if the card was good and if I would detect the purchase.
For your own safety, everyone should change all of your on line passwords!

Charles

[Ronald Bishop]

It took me 2 weeks to get my account to recognize me. It was compromized and send phony messages to other accounts claiming they hadn't recieved thier goods.
   Ebay shut it down, I had to off the top of my head answer questions that only I would know. I answered a couple of them  but then I thought, am I giving info to somebody but ebay so I stopped.
    I called on the phone for cusumer help and found that I was talking to the proper people. I said there had to be a better way and I think there was. I faxed my ID to them.
    Then I had that health problem and let it go for awhile.
  When I did re-contact them they told me that I would have to start over with a new account, and loose my feedback rating.
   I told then no, that there were more auction sites I could go to. I had saved the e mails from them, along with the fax info, which I forwarded back to them.
    About an hour latter they called me from British Columbia on my home phone. The next morning I had a email with a password and I was back in bussiness with my original account, and my feedback.
    I tested it out on a Kodak Retinette A1, Just like the one I donated to a photography class last year sometime.  Figures

[Ronald Bishop]

It took me 2 weeks to get my account to recognize me. It was compromized and send phony messages to other accounts claiming they hadn't recieved thier goods.
   Ebay shut it down, I had to off the top of my head answer questions that only I would know. I answered a couple of them  but then I thought, am I giving info to somebody but ebay so I stopped.
    I called on the phone for cusumer help and found that I was talking to the proper people. I said there had to be a better way and I think there was. I faxed my ID to them.
    Then I had that health problem and let it go for awhile.
  When I did re-contact them they told me that I would have to start over with a new account, and loose my feedback rating.
   I told then no, that there were more auction sites I could go to. I had saved the e mails from them, along with the fax info, which I forwarded back to them.
    About an hour latter they called me from British Columbia on my home phone. The next morning I had a email with a password and I was back in bussiness with my original account, and my feedback.
    I tested it out on a Kodak Retinette A1, Just like the one I donated to a photography class last year sometime.  Figures

[Raid Amin]

This is very scary indeed. I once canceled my Paypal account and maybe I should repeat this.

[Don Day]

Raid, Ronald's story is from a year ago--why does it now cause you concern about your PayPal account?

[martolod]

Raid, Ronald's story is from a year ago--why does it now cause you concern about your PayPal account?

yeah...i'm scratching my head as well...

[moose1010]

Maybe it's time to "un-stick" the sticky on this thread.

[Raid Amin]

Raid, Ronald's story is from a year ago--why does it now cause you concern about your PayPal account?

Don,
I missed that little detail! I saw Paypal .... and I saw scam .... I quickly left NFF to check my Paypal account.

What a relief!

[Don Day]

At any rate, a strong password changed regularly and kept secure is the best insurance against fraud. Canceling any banking account preemptively is sort of opting out of your right to do business online. (search on maximum entropy password to learn how effective a good password can be)

[Glenn Thoreson]

Something must be up. I just paid for a purchase with PayPal and had to update my card information before I could complete the transaction. A word about protecting yourself: Use a credit/debit/check card for all PayPal transactions. I refuse to link my account to a bank account, also. Visa, MC, et al will help recover money lost in fraudulent transactions. I keep a dedicated small bank account that is used only for PayPal deals. If it's compromised, they won't get much. Never, never, NEVER click on any links on emails that claim to be from eBay, PayPal or banks that ask for information of any kind. These institutions do not request things like this in emails. They already have it. If something's wrong, they will contact you by phone or snail mail. Please, and this is important, report any and all emails from eBay or PayPal that ask you to log in. Forward them to spoof@-----.  I have been using these resources for years without any problems whatsoever. I believe in taking steps to assure it never happens. You can, too.