Someone hacked my ebay and paypal accounts.

They spent over £500! The last few hours have been quite harrowing. ON the phone to the police, my bank, paypal, and emails to and fro with ebay.
There goes my faith in online financial services/paypal/ebey. They cancelled my credit card too so I have no way of getting cash until I get the new one.
I think that was worth a pit, though I just feel somewhat deflated so not willing to creatively rant . Do it for me if you like.
Edit: I will say this…


How the heck did they gain access to all of that? Have you followed login links in an email purporting to be from eBay/PayPal?

No, I never fall for phishing emails. I’m generally quite good at spotting those.
I did a little search on the internet and it seems it’s happened to a lot of people recently who all say they never respond to phishing emails.

I am usually quite computer/tech savvy.

I wondered the same thing. Or did they use a public computer and forget to log out etc? I usually only use my home computer for such things.

Sorry to hear that , dude. Hopefully your credit card will cover it.

it happened after I’d logged in at home to bid on a camera lens (50-500mm sigma)

Make sure you’ve run Windows Update and are running the latest Internet Explorer build. You don’t necessarily have to have done anything wrong to end up getting bitten by a keylogger. There was a keylogger problem with World of Warcraft a few months ago, where certain legitimate websites had advertisers who inserted keyloggers which would run (I believe) ActiveX controls to install themselves unbeknownst to the user.

This is no comment on you Lobsang or your passwords, but I was just reminded of this (that sucks BTW, good luck getting it all straightened out):

That tickled me. Thanks, :slight_smile:

Were you able to recover the 500 pounds? I’m sorry to hear that dude.

The guy from paypal said he would reverse the transactions, but if the seller had payment protection then it might not give me my money back.

My bank also said they would refund, but that could take several weeks.

The main damage is not the money - it’s my confidence in online commerce, and knowing that someone knows my passwords (or knew them. I’ve picked a load of new secure ones for everything I can think of)

The passwords weren’t that easy to guess anyway to begin with. It makes me wonder what else of mine personal and private someone has access too. I feel violated.

Even with a public computer, it would be pretty difficult to hijack someone’s eBay account through the browser session - even if you’re already logged in, any significant action (buying something, changing your password, making a payment, etc) involves another challenge for the existing password - you have to enter it again - if all you have is a logged-in session, you don’t have the necessary information.

It does sound like a keylogger has been used - either that or someone has physically gained access to wherever Lobsang keeps his records.

I have only recently started to keep records of my passwords (the sheer number of them demands it) but I my knowledge of my ebay and paypal pws were stored in my head alone.

However, they were both a password which I use [a variation of] in many places.

Mormonism seems a whole lot more appealing today.

FWIW: While the vast majority of off-the-shelf software hide the password from the admins not all do. I was shocked to find out that a software I use in one of my websites did not, which means that I could see people’s passwords, and while I am in now way going to try anything shady I can see where someone else with no scruples might be tempted.

In short: use a different password for each site. Sucks, I know. Good luck, please keep us posted!

I received an e-mail from eBay a couple of years ago alerting me to unusual activity on my account. Someone had taken over my username and posted several sets of golf clubs for sale. I guess they were going to take the money and leave me to explain the missing clubs.

I’m glad eBay caught that b/c I had not done much with my account in a year or so and likely would not have caught it until it was too late. I got the eBay reps on the phone and worked out new passwords for my accoutn and e-mail.

This was before eBay bought out PayPal, so there was no breach there.

I still wonder how that happened, as I had never responded to a phish; I don’t write down my passwords; etc. I had logged on at the library a few times in the past, but it was a couple years prior to this event, so I doubt that was the reason.

My husband had someone break into his Paypal account several months ago. He reported it to the local police, and they determined that the thief ordered stuff online and had it delivered to our house :eek: as a UPS 10:30 a.m. delivery. The thief then must have stood on our driveway at the appointed hour and accepted the package from the UPS driver! We work during they day, and so do most of our neighbors, so no one saw anything. The police ran a check on the name that was used to sign for the package (not anything close to my husband’s name, BTW) but found nothing, and so they declared the case closed.

Did the thief just happen to come across a local account, or is there some sort of network where they say, “I got one in Minnesota, so, Bob, you take that one!”

Husband says he didn’t respond to any phishes, and virus and spyware scans came up clean, so we still don’t know what happened. We did get the money back from Paypal, but we’ve vowed never to use them again.

I suppose it’s possible that some message board admin somewhere might have plundered the passwords and usernames from his board and tried them all on eBay to see if any of them represented a live account, but I’ve not heard of this happening, and if the password varies, how likely is it that it could be cracked by semi-informed guesswork?

I think a keylogger is still the most likely possibility - from how many different machines have you logged into your eBay account? Have you ever logged in from a friend’s computer, or from an internet cafe? How about from work?

Yeah, sounds like a keylogger ('cos they got both passwords, unless they’re the same). The World of Warcraft one was normally embedded in a set of custom icons/pointers, IIRC.

I’ve heard from couple of people who’ve had similar happen but normally they only manage to break into one or the other site. It’s possible ebay’s had a security breach they’re keeping quiet about but that’s fairly unlikely.

I’d echo Mangetout’s question. Also, have you ever used an unsecure wireless network while logging in? The e-bay sign-in is encrypted but if you don’t trust the the people providing the network it’s possible they could fake enough of it to grab the password.

It’s still a bitch tho’, I hope everything works out for you. Remember, a huge percentage of the time on-line commerce is really safe and it’s always much safer than giving your credit card to a waiter, or giving your number by post or over the phone.


Also, have you ever logged in via a proxy server (for example, because the site was blocked by a firewall at work)?