Ebay Hackers

  Old Shep 11:13 26 Jul 2007

I have an ebay account which has been hacked. 32 purchases have been made on my behalf totalling £17,000. Ebay stopped even more but I have found out from some of the sellers that spoof Paypal payments were made and a request to send the goods to an address in Nigeria was made. My question is how do they do this - was my computer hacked or was it ebay itself.

  Old Shep 11:57 26 Jul 2007

Thanks for that do I take it they hack through ebay servers not home computers.

  Batch 12:10 26 Jul 2007

In the case of dictionary attacks described in the various items linked to above, surely a simple method that ebay could use to improve security would be for the login name used by each user (i.e. used solely for login) to be different from their User ID displayed on items for sale / bid for.

The dictionary attacks presumable just use the User ID (as widely displayed on ebay) and trawl the dictionary. The method outlined above would stop this dead in its tracks.

  Old Shep 13:10 26 Jul 2007

It is a good suggestion by Batch.Not only did they make purchases but changed my password and e.mail address as well. Somehow this was sussed out by ebay who changed them back and suspended my account until I provided security answers but not before the damage was done.

  Old Shep 13:14 26 Jul 2007

I have to say as well that ebay have not been helpful in this matter. I did e.mail them and got an aplogy in their response but told me to e.mail all the sellers and tell them to lodge an unpaid item dispute with me to get their insertion fees back.As I had 32 of them some believing me others didnt I would have thought ebay could have cancelled them all instead of putting me through hours of work sorting it out. I am not impressed.

  GANDALF <|:-)> 13:35 26 Jul 2007

before all the paranoia increases to gargantuan levels........in 7 years and having seen hundreds of computers and dealt with many more I have never seen a successful keylogger on a home computer. hacking home computers and their effectiveness is bordering on urban myth. in the sense of taking them over and stealing info, is largely an urban myth.

Your details will NOT have been taken from your home computer. There are three main ways of getting details...1) from an email scam; you are sent an email from 'Ebay' asking you to confirm your password, 2) you are directed to a page that appears to be an ebay login page but is actually a fake page. There have been a rash of these, usually advertising porn photos or ridiculously cheap cars, 3) details could (but unlikely) be lifted from Ebay computers. If hackers can do this to Barclays then Ebay should be easy.

A dictionary attack would take at least 15 mins and Ebay's login servers would reject multiple logins of 100,000 attempts per minute ;-)

Get a decent AV such as AVG free, a decent antispy prog such as spyware terminator and a dcent browser with anti-phishing/anti-redirection capabilities such as IE7. All these cost nothing and I fail to see any benefit from home users paying for any protection. You can have any old firewall but I haven't used a firewall for 4 years.

The one thing that all the malware websites tend to forget is that you will need a lot of common sense. many of these scams will not be stopped by a firewall so you need to be aware though not buttock-clenchingly paranoid.

None of this is rocket science and don't get waylaid by anyone claiming that hackers and keyloggers are rife on home computers...they ain't.


  amonra 13:49 26 Jul 2007

Thank you Gandalf for some words of wisdom.
Everyone these days seems paranoid about security and privacy but forgets that the most important measure is COMMON SENSE ! If you insist on visiting dodgy sites and letting your youngsters share all their personal details via "buddy" sites, then on your own head be it, dont complain afterwards.

  Old Shep 13:58 26 Jul 2007

Thank you GANDALF <|:-)> I have been a member of this forum for a number of years and have all the free programs you mention through the good advice on this forum. To amonra I would add that I do not visit 'dodgy sites' nor do I have any youngsters to put personal details anywhere.

  GANDALF <|:-)> 14:16 26 Jul 2007

Some sites can be quite innocent but if you use an anti-phishing plug in on your browser it should be OK. I have tried this many times with Ebay cars...the ones that are a quarter of the price they should be and I am always redirected to a site that is very similar to Ebay but the IE7 anti-phishing plug in always alerts me. It is worthwhile keeping an eye on the address bar in your browser to see if any weird addresses crop up.


This thread is now locked and can not be replied to.

Elsewhere on IDG sites

AMD Ryzen news - release date, UK price, features and specifications

The pulp art of 80s computer game magazine covers

Best value Mac: Which is the best £1249 Mac to buy

Comment faire des captures d’écran sous Windows 10 ?