eBay was not hacked this weekend


Over the weekend, several hundred eBay listings were edited to include a message saying “To buy the item now email [a gmail address]”. Several hundred accounts were compromised: the scammers used four gmail accounts to target high value items such as cars, hi-fi and jewellery.

There have been some reports stating that the site was hacked, but this is incorrect. Vanessa Canzini (eBay UK’s PR Manager) confirmed to TameBay today that the site itself remained secure. eBay have released a statement to confirm “that the eBay site has not been hacked or compromised in any way” and that the accounts “were compromised and edited after seller password details were obtained via spoof/phishing emails.”

eBay also point out that they “can provide redress in the rare instance that things go wrong, with the payment protection schemes it offers to both buyers and sellers, but this redress can only be provided if people carry out all transactions on the site.” It’s well known that eBay and PayPal are the target of 75% of all phishing activity on the net, so hacked accounts or in eBay parlance “TKO accounts” (TaKen Over), are nothing new. The only notable fact from the weekend’s activity is that the scammers appear to have saved up several hundred eBay account user names and passwords to edit auctions in bulk.

Just how much is your eBay user name and password worth? To anyone who’s had the horror of their account taken over, quite a lot. To the scammers, surprisingly little. Normally those perpetrating the scams aren’t those phishing for passwords. There’s an open market where phishers sell on account details for pennies.

So what can you do to stay safe? Firstly, the eBay site is secure, so if you keep your password secure your own auctions can’t be edited.

  • Don’t click on links from email; type in the URL for eBay or PayPal yourself.
  • Expect every email to be suspect; it probably will be!
  • If it contains important information log into your eBay or PayPal account and you’ll be notified on the site itself.
  • Also consider using the eBay toolbar (for Internet Explorer) which will warn if you’re about to enter your eBay user name and password into a non-eBay site.
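The toolbar check described above, the warning before credentials go to a non-eBay site, can be written as a small host classifier. This is an added example, not TameBay’s or eBay’s code; the list of trusted domains and the URLs tested are assumptions for illustration.

```javascript
// Added illustration (not eBay's toolbar code): decide whether a login form's
// action URL is a legitimate eBay/PayPal host before credentials are typed in.
// TRUSTED_SUFFIXES is an assumed list used only for this example.
const TRUSTED_SUFFIXES = ["ebay.com", "ebay.co.uk", "paypal.com"];

// A host is trusted only if it equals a trusted domain or is a proper subdomain
// of one (dot boundary enforced, so "notebay.com" does not match "ebay.com").
function isTrustedHost(host) {
  return TRUSTED_SUFFIXES.some(s => host === s || host.endsWith("." + s));
}

// Returns "ok", "insecure", "lookalike" or "untrusted" for a form action URL.
// Note that URL parsing resolves the real host, so a user-info prefix such as
// "https://www.ebay.com@other.example/" is judged on "other.example".
function classifyLoginTarget(actionUrl) {
  let u;
  try {
    u = new URL(actionUrl);
  } catch {
    return "untrusted"; // unparseable action: never send credentials
  }
  const host = u.hostname.toLowerCase();
  if (!isTrustedHost(host)) {
    // brand name in the host but not under a trusted domain: look-alike site
    return /ebay|paypal/.test(host) ? "lookalike" : "untrusted";
  }
  // right host, but credentials must only ever travel over TLS
  return u.protocol === "https:" ? "ok" : "insecure";
}
```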

As a buyer keeping safe is even easier: never ever transact off eBay. If you see something you want to purchase then buy through the eBay site. Pay in a secure manner: either with PayPal, by credit card through the seller’s merchant account, or with services such as Nochex. Don’t ever use cash or Western Union: both methods are banned on eBay anyway.

Finally, change your password on a regular basis and never change it back to one you used in the past – that way, if your account is compromised, by the time the scammer tries to make use of it they won’t be able to log in anyway.

13 Responses

  1. Was it several hundred accounts though, or did Chinese Whispers take place?

    I ‘watched’ the events unfold, and at its peak there were reports of several hundred auctions (not accounts), some members were frustrated at the ability to only report 10 auctions at a time.

    Several hundred accounts would indicate many more than several hundred auctions, this was not the case.

  2. I was one of the people involved in trying to warn sellers about this yesterday. In response to Eddie – these were very high value items and most sellers only had at most a couple of items listed. Even those who did only had a few of their listings compromised, not all of them. The number of listings in this case therefore is, in effect much the same thing as the number of accounts – nearly all the ones I saw were one listing to one account.

    In my opinion this was a phishing exercise, but quite a sophisticated one, which did not involve clicking on, or responding to anything in emails.

    I think the most sensible thing anyone who is worried about this, and who has listed a high value item recently (even or especially if it has finished and you are not regularly checking ebay) is to check your pc is free from keystroke loggers and change all your ebay and paypal passwords.

  3. I agree with the poster above. It sounds to me that it was a phishing exercise. It wouldn’t be that difficult to achieve hundreds of hits through eBay because of the high numbers of users.

    I am not a huge fan of eBay as I stopped selling there a while back, but I think if people bothered to visit their help pages they would find loads of info on how to minimise the chances of being caught out like this.

    A lot of people don’t protect their PCs from attack, but they wouldn’t leave their front doors open, would they? We should be as concerned about PC security as we are about our household possessions.

  4. Nice censored blog you have here.. That’s OK.. eBay will have its day sooner or later.. It’s only a matter of time!

  5. This may have been an instance of a well orchestrated scam that got user info from phishing…or not. We will never know. Taking eBay’s word for it is beyond ridiculous. An eBay spokesperson said that the Prosperpoint breach was a result of phishing which was a blatant lie. Why should we trust them in this case?

  6. eBay uses semantics to hide its site security problems.

    However it defines the word “hacked”, it is apparently excluding the social engineering scams that use embedded javascript within eBay item listings to steal personal data from eBay customers.

    1. Users already logged in to eBay are asked to login again when they land on poisoned eBay listings.

    2. These users did not respond to phishing emails, and may never have received a single spoof email.

    3. The users dutifully login again on what appears to them to be a legitimate eBay login screen.

    4. The login screen isn’t eBay’s at all, despite the fact that it was presented to the user from a listing screen within eBay.

    5. Because the users are returned to the real eBay site after giving away their ID/passwords, they are unaware they’ve just been robbed.

    6. The users later find out, to their dismay, that their eBay accounts (and possibly credit card data and/or paypal accounts) have been hijacked by criminals who got their info while the users were browsing on eBay.

    Since this method of identity theft does not depend on eBay being “hacked”, perhaps a new word is needed to define the problem – maybe “scamBayed”?

  7. Yep.. Internal Redirects are a big problem on eBay!

    What eBay is not telling us is, there are a lot of internal redirects leading new and inexperienced site visitors off to look-alike sites where “no scam warnings are posted”. A newbie will fall into this cleverly baited trap in a New York minute!

    Review these articles on how it is being done.

    There are fake sign in links in eBay ME Pages as well. I have seen plenty of them!

    When the phishing is internal on eBay’s site it’s hard to blame it on the users opening emails and clicking on links!

    Another favorite is to list a car with a pornographic photo, clicking on the listing brings up a phony sign in page!

    This one had the link code messed up so who ever looked at it got mooned but good!

    eBay is making $$$ hand over fist.. They need to spend some of it policing and cleaning up their site!

    BTW: Apologies for the censored comment. Guess my previous posting was delayed because of the links.

  8. Someone is playing a game with ebay.

    A conservative estimate would be that 600 unique seller accounts were hi-jacked by this person and have been used so far.

    Around 300 unique selling accounts were discovered hi-jacked on Sunday (18th Feb). Around 100 on Tuesday (20th Feb). Around 200 on Wed (19th Feb, today).

    It is clear that the hi-jacker wanted to be caught, he made it simple and made sure that each new ‘wave’ of hi-jacks were linked to previous ones.

    I’d assume there is a lot of profit to be made in hi-jacked accounts. Why ‘waste’ (for want of a better word) this many accounts?

    Because he is proving a point and playing a game.

    How many more accounts does he have?

    What will he do with the ones he does not want discovered?

    Clearly large-scale. And ebay have been slow to respond.

  9. After Durzy’s admission yesterday that Vladuz HAS accessed eBay staff systems, I assume we can all agree that the eBay statement you quoted in the original post “that the eBay site has not been hacked or compromised in any way” was not entirely truthful?

    Now we can all rest easy since the eBay statement yesterday saying, in effect, “the successful hack that happened ages ago that we were denying completely until now wasn’t that bad really and nobody needs to worry.”

    Yeah, I trust ’em!

  10. Several hundred? That number is up a bit. The largest number of listings that I’ve seen this week from one scammer is 3500+ simultaneous auctions. eBay eventually got around to removing them after several hours, but they stayed in search for much longer.

  11. It is refreshing to finally read some comments by people that seem to critically evaluate information from and about ebay rather than to just take it at face value.

    It does much to legitimize TameBay as a blog with a voice for all, rather than make it appear as an eBay mouthpiece to spread and affirm eBay corporate spin.

  12. Thanks for your comments, Alex. I should just say that neither Chris nor myself work for eBay, eBay have no control over what we write here, and we write as we find. If that’s too pro-eBay for some, well, so be it 🙂