ebay acct hacked?

DJFuji

Diamond Member
Oct 18, 1999
3,643
1
76
Got this email from ebay which at first i thought was spam but read further and realized that it was a notice that my account had been hacked. I went to ebay.com and logged in and my password had been changed! I reset it and saw the same notice in my account page.

It doesn't add up, though.

* I'm firewalled behind software and hardware firewalls. No outbound traffic i dont specifically authorize.

* I'm pretty paranoid about security. The chance of a keylogger is pretty slim. My passwords aren't easy to guess.

* When you change your password on ebay, their system sends an email to the address listed and also sends you an 'alert' in your account details which cannot be removed for two weeks. How was someone able to access my account, change my ebay password, and then not have either an 'alert' show up in my account that my password had been changed OR an email sent to me?

* Let's say they changed my email temporarily so that i wouldn't get the email notice. Even if they had that information, i should have received an email saying that someone was changing it. Let's say they intercepted the notification email. That means they'd have to have BOTH my ebay AND my email password (which are different). AND they'd have to intercept and delete the confirmation email before my outlook client downloaded the email. Given that my outlook client runs 24/7 and downloads email every 2 minutes, the entire scenario seems highly improbable.

Sounds suspiciously like an inside job to me.

Anyone else experience this?
 

alchemize

Lifer
Mar 24, 2000
11,486
0
0
Yup, I had the same thing happen just recently. I couldn't even reset my password and it got permanently locked. Of course, responses to emails were automated crap, "create a new account". 7 years of feedback down the drain.
 

DJFuji

Diamond Member
Oct 18, 1999
3,643
1
76
Just spoke with a live rep who told me that the 'hacker' didnt change my password -- ebay detected he was spamming and reset my password to block his access. Which is why i never received a notification. Still weird that someone was able to access my account though. Brute forcing would take WAY too long.