Ok, I'm baffled! My eBay account was compromised and I dunno HOW!

[Gillbot]

Ok, as seen in THIS thread, my ebay account got taken over twice despite me having the Active Security Key. The key aside, I'm still trying to figure out how they got in.

I scanned my system using Trend Micro's Housecall online and it came up empty. I used hijackthis and it came up empty. I have AntiVir free installed and it comes up empty. I have used Spybot and Adaware and they have come up empty. I'm at a loss as to HOW they got in!!

Any ideas as to what I should try next? I've changed all the log in passwords and questions to everything important and SO FAR SO GOOD! But I want to track this down so it never happens again!

 

[Oakenfold]

Gillbot,
I'm not sure there is an easy answer. The first thing I'd do is literally go down through the Security Resource thread
Since you know there's already been a compromise and it sounds like you suspect it was on your system it might be easier to nuke or restore your system.

Is it possible that your system was compromised through another avenue than malware, virus or trojan? (i.e., Wireless).

What software did you have installed on the local machine for security?

I'm not familiar with the paypal security key, I'm guessing this is a virtual token of sorts that you downloaded from paypal?

 

[Gillbot]

It's a physical token like a Secure-ID they mail to you then you link it to your account.

Personally, I think it was a breach on their end but to be 100% sure, I'm looking at every avenue from MY end.

I rarely use wireless, usually when I do I use my work drive and the VPN through my work network. My work's security is very tough, I can't even run a virus if I wanted to, plus add the VPN on top of that and IMHO it should be nearly bulletproof. My wife uses our wireless and she hasn't had anything compromised so I doubt that's it.

I've been through so many threads on here and throughout google and anywhere else I can think of. I'm just looking for advice to track this down to ensure it doesn't happen again.

 

[Oakenfold]

This is the token?
Maybe Mech or someone else can chime in here. I'm not familiar of the mechanics of how the token would get compromised if it remains in your possession.

Okay I'm on board now, according to your other thread:

After fighting to get contact info for ebay which requires you to log in ironically, I get through to the change password page which works without the key. Ok, I think it will allow me to change the password but i'll need the key to log in... NOPE! It let me right in without the key. What a completely useless "secure" system! For some reason, there are holes in the security that allow logging in without the key. This is just one of them, I'm sure there are more as someone obviously got into my account without the key.

So it sounds like all they needed was your password and userid. My reading comprehension was a little off.

Again I would go down the security resource thread and look at all the recommended software, run some of the others to see if anything different turns up, it sounds like you are on a good start already. Me? I'm lazy, I like to format and run DBAN. It's not an option for everyone.


Maybe someone else has a different answer. Unless you have never logged into your Ebay account from another machine I would not count others out.

 

[Gillbot]

Edit: Yes, that's the security key.

There are 3 systems total in this house, 4 if you include my work lappy with my work HDD installed. (I swap a personal HDD into my work laptop so I can "play" worry free. They have AIM and etc. blocked and they remotely remove any software I install. I use the 2nd drive to get my Total Annihilation fix when on the road.)

Lets make the list:
Wife's Dell Lappy
T43 with personal drive
T43 with work drive
Main Rig

They all have been scanned as I described above and I have not found anything. If it was my wireless, I would suspect EVERYTHING would have been compromised. All of our bank accounts, ebay, paypal, everything.

 

[Gillbot]

no other thoughts?

i'm at a loss and i'm about to blame it on ebay completely.