eBay

beautyfixed · ‎07-02-2020

This is my selling experience with eBay over the past two days.... let your fellow sellers know!!!!!!!

"I called your customer service. My account was hacked. Your specialist told me he had never seen anything like what had happened to my account before. I actually had to tell him what I thought was going on, then he checked into it for me. These hackers went in my account and changed my business policies. Each time someone checked out, my money went into a different email. He couldn't help me fix it. I had to end 78 listings.. ( i cannot even fathom how much that cost me) and I had to cancel so far 19 orders ($282.50) just in cancelled sales.....that is a HUGE amount of damage done to my account. A HUGE loss of revenue, a HUGE loss of customers, and a huge risk to my business. What I want to know is why didnt eBay protect my account? Why was my business damaged so severely with eBay even knowing? How does this happen and eBay has no clue how to fix it? And what is eBay going to do to compensate my loss? If I didn't insist on your specialist taking a look into the email addresses that attached to my account...... I would still be losing revenue."

valueaddedresource · ‎07-08-2020

@coolections wrote:
@valueaddedresource
The way to help the OP is teach them about phishing attempts, spyware, and all the other things you say you know about. Teach them about not clinking links in emails, tell the to always go straight to the source of a site and not rely on an email that looks legit. Tell them to make sure they always log off and to change their passwords often, etc. You are not helping at all with the stuff your spouting. If an Ebay server was hacked people would know about it within a day and it would affect many many people.

@coolections I never said an eBay server was hacked(recently). I also never said people shouldn't take precautions and educate themselves about basic security.

Sounds to me like if anyone is guessing here it is you guessing at what I have said - quite inaccurately I might add. Not sure why you would choose to do that instead of actually reading my posts and looking deeper into the information I have shared.

I'll say it again just to be clear - I have no visibility into how it is happening, so I choose instead to bring attention to the fact that it is happening.

I am simply sharing what I have personally experienced and what others are reporting happening to them.

There are many ways for personal data to be compromised that do not rely on the person themselves falling for a phishing scam (the article that @thenwoback posted is just one example). I'm not sure why you would insist on only focusing on phishing when cyber criminals sure don't. I suppose that is your prerogative, but I'm not going to be bullied into agreeing with you.

lakku-6059 · ‎07-08-2020

@dubiousgain wrote:
@heakal-54 wrote:
@dubiousgain wrote:
@heakal-54 wrote:

I dare say the amount of incidents that are blamed on ~~hacks~~ or glitches (which are in fact due to user error) is far higher than most people think.
I rest my case.
Your case??? Mercy . ..😉 Even if that statement has credulity, it still doesn't negate all the instances that are not caused by user error.
First you replied to the wrong person, my name ain't Mercy.
See how that happens?

So lets read that first part again:
I dare say the amount of incidents that are blamed on hacks or glitches (which are in fact due to user error) is far higher than most people think.

Statement which your reply actually reinforced when you stop and think about it.
But you have to stop and think, stop all that extra noise and all those things you're doing and before you reply read everything, then stop and think.

Oh, please.... Don't be too impressed with yourself. That, which you said, is a moot point; It makes no sense, it's like the term "what for". Your statement is vague and has no point of reference, "Far higher"? What is that, and by whose standards? And "most people"? What kind of a ratio are you speaking of? What constitutes most? It's a flippant, superfluous statement.

Please do not hijack threads into off topic territory with interpersonal battles.

Nobody replied to you, the original reply wasn't aimed at you. We're hijacking the topic as the original reply was to the OP @beautyfixed , please don't stray and go picking on folks to feed your personal quota of battle drama you feel is required for you to exist.

Big problem with this community, this was not an attack on you for if it were we would have replied to you direct, please do not hijack topics.

Thank you now.

dtexley3 · ‎07-08-2020

@nuclearomen wrote:
@yuzuha wrote:
@valueaddedresource wrote:
As I said, it appears that bad actors may have figured out a reliable way to gain unauthorized access to a large amount of user accounts. I can't say for sure yet exactly how it is happening, so I won't post unsubstantiated claims.
Or did the people simply have easily-guessable passwords? I mean, look at all of the people who thought their Disney+ accounts had been hacked when it turned out that no, they'd just used Disney princess names as passwords and some hackers got smart and tried plugging Disney princess names in as passwords for accounts.
🤣

I hold data security ratings and served two years as our data security officer. Give me a table of usernames and encrypted passwords and I can crack passwords. Last stats were that 25% of passwords are easily crackable, another 50% use passwords of only moderate strength and can be cracked in less than a week. Only about 5% of passwords are of sufficient complexity to make cracking an unreasonable endeavor.

For most hackers GETTING the table of usernames/passwords is the hard part. It's much easier to setup a phishing scam to lure users into giving up their passwords thinking they are "fixing" their account or drawing users to a site that installs a keylogger or trojan.

Bottom line, google how to create STRONG passwords from a "passphrase". Don't reuse them on multiple sites. If it's difficult to remember all the different passwords, use a credible online password safe that allows you to access them from multiple devices. And change your passwords periodically, no site is completely safe.

Member of the Grumpy Old Man crew

valueaddedresource · ‎07-08-2020

@dtexley3 thanks, that's great information! And it goes to show again why I am not focusing on the how, because as you pointed out the how could be simple and/or there can be several explanations.

To me the important part is regardless of how accounts are being compromised, what is eBay doing about it?

In the case of the OP, the payment diversion fraud they are describing has been known to eBay since at least early 2019.

In the case of the triangulation fraud I have been dealing with, I have read articles going back to at least 2015 describing the exact same thing happening on eBay.

So while eBay may not be able to stop all of the different ways bad actors may gain unauthorized access to accounts, they can and should be using technology to identify and mitigate the fraudulent activities we are seeing those compromised accounts being used for.

Regardless of how the OP's account was accessed, there is no good reason that eBay couldn't have something in place to identify and notify the account holder and/or Trust & Safety when payment details are changed like this.

That should have been priority #1 when this fraud was discovered happening on eBay UK last year (or whenever eBay first became aware of this type of fraud) and it seems that eBay has not even done something as basic as that.

dtexley3 · ‎07-08-2020

@valueaddedresource wrote:
@dtexley3 thanks, that's great information! And it goes to show again why I am not focusing on the how, because as you pointed out the how could be simple and/or there can be several explanations.

To me the important part is regardless of how accounts are being compromised, what is eBay doing about it?

.

There's a LOT eBay COULD do that would quickly and significantly reduce fraud. But they have little skin in the game. The higher ups simply do not understand how fraud impacts them in non-monetary ways. And since financial impact (for eBay) is minimal, there's no reason for eBay to invest money in fraud prevention.

Member of the Grumpy Old Man crew

coolections · ‎07-08-2020

@valueaddedresource

We already know the OP said she/he got hacked. OK, thanks for letting us know that just in case we did not read the title. Unfortunately for the OP it was NOT an Ebay server as there would be hundreds of posts in a single day letting everyone know the server got hacked. I understand you are trying to blame Ebay but in this case it is just not true.

valueaddedresource · ‎07-08-2020

@coolections wrote:
@valueaddedresource
We already know the OP said she/he got hacked. OK, thanks for letting us know that just in case we did not read the title. Unfortunately for the OP it was NOT an Ebay server as there would be hundreds of posts in a single day letting everyone know the server got hacked. I understand you are trying to blame Ebay but in this case it is just not true.

@coolections Again, I never said an eBay server had been hacked in regard to the OP's experience. I'll tell you as plainly and simply as I told the other person on this thread who tried putting words in my mouth - don't do it.

Everyone here can read exactly what I have said and haven't said. Continuing to insist I said things I haven't reflects more on you than it does on me.

As far as blaming eBay, I have simply pointed out that the same fraud as described by the OP has been known to eBay for a minimum of over a year and they have apparently done very little if anything to prevent it, train their customer service people how to identify and handle it, and/or warn sellers about it.

I'll leave it up to everyone who actually cares to read my posts and the links I provided to determine for themselves what to think of eBay's actions or lack thereof and/or eBay's responsibilities in this matter.

mam98031 · ‎07-08-2020

@valueaddedresource wrote:
@coolections wrote:
@valueaddedresource
We already know the OP said she/he got hacked. OK, thanks for letting us know that just in case we did not read the title. Unfortunately for the OP it was NOT an Ebay server as there would be hundreds of posts in a single day letting everyone know the server got hacked. I understand you are trying to blame Ebay but in this case it is just not true.
@coolections Again, I never said an eBay server had been hacked in regard to the OP's experience. I'll tell you as plainly and simply as I told the other person on this thread who tried putting words in my mouth - don't do it.

Everyone here can read exactly what I have said and haven't said. Continuing to insist I said things I haven't reflects more on you than it does on me.

As far as blaming eBay, I have simply pointed out that the same fraud as described by the OP has been known to eBay for a minimum of over a year and they have apparently done very little if anything to prevent it, train their customer service people how to identify and handle it, and/or warn sellers about it.

I'll leave it up to everyone who actually cares to read my posts and the links I provided to determine for themselves what to think of eBay's actions or lack thereof and/or eBay's responsibilities in this matter.

Stop, we are grown ups here, you can use my name. I NEVER tried to put words into your statements. I asked you if you were saying Ebay had been hacked or that the way you word it sound like that is what you are saying without actually using the word.

Speaking for myself only, I think your intentions are good, I don't doubt that. I think there is plenty of blame to go around. Some of us need to take more ownership for what we do and don't do in an effort to protect our information. From strong passwords, firewalls, etc. Ebay may play some part in all of this as well. There may be things they can do to help keep us secure however we must start with ourselves and how we treat our own information.

mam98031 • Volunteer Community Member • Buyer/Seller since 1999

"I can explain it to you, but I can't understand it for you." Quote from Edward I Koch

valueaddedresource · ‎07-08-2020

@mam98031 wrote:
Stop, we are grown ups here, you can use my name. I NEVER tried to put words into your statements. I asked you if you were saying Ebay had been hacked or that the way you word it sound like that is what you are saying without actually using the word.

Speaking for myself only, I think your intentions are good, I don't doubt that. I think there is plenty of blame to go around. Some of us need to take more ownership for what we do and don't do in an effort to protect our information. From strong passwords, firewalls, etc. Ebay may play some part in all of this as well. There may be things they can do to help keep us secure however we must start with ourselves and how we treat our own information.

If you are asking what someone is saying, it is customary to form that as a question - not as a statement which is your incorrect interpretation or paraphrasing of what was said.

I choose my words carefully and try to be direct. Trust me, if I ever have data that directly shows an eBay server or the eBay website being hacked, I will be shouting that from the rooftops. I don't speak in riddles and no one needs to dissect my posts for hidden meanings or messages.

As far as not tagging you, it was simply an attempt not to engage in any more back and forth and to make my position and meaning on this issue crystal clear. Nothing more needs to be said.

dubiousgain · ‎07-12-2020

@lakku-6059 wrote:

Nobody replied to you, the original reply wasn't aimed at you. We're hijacking the topic as the original reply was to the OP @beautyfixed, please don't stray and go picking on folks to feed your personal quota of battle drama you feel is required for you to exist.

Big problem with this community, this was not an attack on you for if it were we would have replied to you direct, please do not hijack topics.

Thank you