eBay Login breach


macdunn

To start with - I am aware that there was a security breach at eBay back in May 2014 and all eBay users were supposed to be notified to change their passwords. I do not recall ever receiving any notification, but had not been using my account, other than following items to buy, and did not change my password at that time.

 

Now, on 31 Oct 2014, I decided it is time to sell some stuff again. When I went to post the listing, I was notified on-screen that 'it appeared that I was using a different machine' (from which it did not say). I have changed computers since the last time I sold anything but have been using the same new machine to browse since April 2014.

 

So, I went ahead and changed my password and also changed (or entered a new clue - my mother's maiden name) the clue answer. Everything seemed to work and I was able to list an item for sale. The next morning, 1 Nov 2014, I got an email from eBay saying that my account had been temporarily suspended and my sale was cancelled.

 

Since then, I have logged in again but when I was relisting the item again, I was asked for the answer to my mother's maiden name and the answer was not accepted.

 

I then received (on-screen) the message --

 

Call us at 1-866-643-1607 and mention security code XXXXXXX (I am not showing it here for security reasons). This is not the same confirmation code to confirm your account.

 

This on-screen message is coming from the URL --

 

https://www.kgvrfn.ebay.com/Support/?reqinput=

60ed0be722c1f00f1f72387f2d25f661f1fda7ff9d8f75bb832ca01bd7fc048be866ec44bd36eca4411f21756ade3f4de969f658f03b2777a2f4d5651314b15a

 

Does anyone know if --

 

1) eBay is using a telephone number for this type of problem,

 

2) Is the URL - https://www.kgvrfn.ebay.com/ - a valid eBay URL

 

I have never seen a phone number for eBay before and this URL does not seem right to me because of the sub-domain.

 

I am getting frustrated enough to just go ahead and open a new account with eBay, losing my history of 100% satisfaction since I started buying and selling in 1999.

 

Thanks in advance,

 

-Mac-

Edited by macdunn
Link to comment
Share on other sites
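
The sub-domain question in the post above comes down to which registered domain a host name actually falls under. The following check is an added example, not part of the original post or any eBay code; `classify_host` and the `.example` sample URLs are constructed for illustration, and it goes beyond the one URL in the post to cover common look-alike forms.

```python
from urllib.parse import urlsplit

def classify_host(url, base="ebay.com"):
    """Say how the host a browser would really contact relates to `base`."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and the port, and lowercases the name.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https" or not host:
        return "reject: not an https URL with a host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "reject: non-ASCII or punycode label"
    # The leading dot matters: "notebay.com" must not match "ebay.com".
    if host == base or host.endswith("." + base):
        return "under " + base
    if base in host:
        return "reject: contains " + base + " but belongs to another domain"
    return "reject: unrelated domain"

# First entry is the URL quoted in the post; the rest are constructed look-alikes.
SAMPLES = [
    "https://www.kgvrfn.ebay.com/Support/?reqinput=",
    "https://ebay.com.kgvrfn.example/Support/",
    "https://ebay.com-support.example/Support/",
    "https://www.ebay.com@kgvrfn.example/Support/",
    "https://www.\u0435bay.com/Support/",   # Cyrillic letter in place of Latin "e"
    "http://www.ebay.com/Support/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify_host(url):60} {url}")
```

A host that ends in `.ebay.com` sits in a DNS zone controlled by whoever controls ebay.com; the browser's certificate check for that name is what ties the connection to it.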

securitybreach

Personally I would go to eBay and use their Contact info. Your account was compromised since the breach stole login info and you did not change your password. Since you had a seller account, I would also make sure you do not have any fraudulent purchases.

 

http://pages.ebay.com/help/account/contact-customer-support.html

 

Another reason to always change your passwords when you are alerted of a security breach.

Link to comment
Share on other sites

Thanks for the prompt suggestion.

 

However, that is exactly what I was doing. I was able to change my password, twice in two days. The first time I also added or changed my mother's maiden name which eBay.com (US, I am currently in EU where I have a seller's account on eBay.de) accepted.

 

However, when I went to relist the cancelled item (as a logged-in eBay.de seller), after clicking on the Post button, I am directed to a login dialog for eBay.com (US). When I log in on eBay.com, I got the message that I seem to be logged in on a different computer. I am then directed to get a confirmation number by 1) telephone, or 2) email. I select email since I do not trust telephone calls (who knows where the number is going, therefore I asked if eBay is using phone numbers). When I click on the Email radio button and clicked on the Next button, I am asked to enter my mother's maiden name to confirm my identity. At that point, the name is not accepted and after three tries, I am told that I have to wait 24 hours to try again. This 24-hour hold has happened two days in a row now.

 

I do not recall receiving the security breach notification which I do usually pay heed to from any of my regular sites.

 

So far, I have reviewed my eBay account and my bank account (which is linked to my eBay account) and there are no fraudulent purchases.

Link to comment
Share on other sites

Thanks.

 

That is the phone number I am currently on hold with. So, you trust that number? My Skype call center 'says' that the number is a Mobile number (cell).

 

You may notice that that is a different number than the one which displayed on-screen (in my original text above - 1-866-643-1607).

I will keep you advised when I get off the call.

Edited by macdunn
Link to comment
Share on other sites

I thought that I had written this update yesterday (Sunday) but it seems that I forgot to click on Post before I closed Firefox.

 

So, the short result of my call to eBay Tech Support is that the entire problem with my login was that my current IP Address (of my ISP here) was not in the database at eBay as a 'secure' IP address.

 

The longer version is that I went through eBay.com's Website and found a phone number for support regarding Account issues - 1 (866) 540-3229. I called the number (which Skype indicated is a Mobile number, for whatever reason (now that Microsoft owns Skype, who really knows what is going on with Skype)), was in the hold queue for 20 minutes, then spoke with one Tech Support representative for 25 +/- minutes when the rep said that they were responsible for Account issues, not security issues and then transferred me to a Security specialist. The Security specialist picked up my call immediately. We then went through all of the steps of the problem which has been plaguing me since Friday (two days before) and finally the specialist said that the problem was that the IP address I was coming in through is not in their list of 'secure' addresses. The specialist then asked me a series of security questions (not the ones which we can set through the User Account settings, but based on the account history, I will not go into them for security reasons). When the person was satisfied that I am who my account said I should be, the specialist added the IP address to the list of 'secure' addresses. The person stayed on the phone while I went through relisting the item which I had been trying to list when all of this started (actually, it was listed on Friday and then my account was blocked overnight (Friday/Saturday), the item sale cancelled and all of this security run-around started), and stayed on the line with me while I changed some other stuff in my account for test purposes. The total call took 1:10 hours. I have to wonder if the issue would have ever been resolved online rather than with a phone call. I think not.

 

Overall, I give the two support people at eBay.com top marks for their help and resolution of the issue. I say this having spent 1 year taking Tech Support calls for WordStar 30 years ago and knowing what it is like at the Tech Support end and before the days of 800 numbers.

 

Ring, Ring!

Tech Support--This is Tech Support, what is the name of your product?

User - WordStar

Tech Support--And, what version?

User - 3.31

Tech Support--And, what is your problem?

User - My computer has locked up and my Master's thesis is on-screen. What can I do? I have to submit it in XX days.

Tech Support--Well, since your computer is locked up, you will have to reboot it. You will then have to open the last saved version and retype the part which has not been saved since the last time you saved the document.

User - But, this is the first draft and I have not saved it yet.

Tech Support--I am sorry but then you are going to have to rewrite it. Can I do anything else for you?

 

This is a true scenario, several times. And, more often than not, the caller had been waiting for the rep for 15 minutes. I have lost data myself, so nowadays, if I am writing a document, etc., I save every paragraph. And, make regular backups of my HDD, though not until recently my iPad.

 

So, again to recap the short result of my call to eBay Tech Support is that the entire problem with my login was that my current IP Address (of my ISP here) was not in the database at eBay as a 'secure' IP address.

Edited by macdunn
  • Like 1
Link to comment
Share on other sites

Well, it is worked out when I use Chrome to view my account on eBay.de or eBay.com.

 

When I use my older Firefox which I have used forever, including all of last week until the problem first popped its head up, I am still getting the message that I seem to be using a different machine and that I need to be confirmed, and then the process hangs. Using Chrome (which also had the same problem last Friday, Saturday and Sunday as with Firefox) does work now, so I have given up on using my older Firefox to monitor my eBay account and just use Chrome.

 

Oh, well.

 

Progress with software is always just a programmer's wet dream or, in California a programmer's pipe dream.

Link to comment
Share on other sites

V.T. Eric Layton

Dump your cookies, history, cache in Firefox. Close it down. Restart it and retry your eBay stuff.

 

Anyway, congrats on a successful resolution of the issue. Be sure and tell someone (via email or whatever) what a fine job those support folks did for you. They rarely ever get any love from callers. I used to do tech support for Philips America (consumer electronics). It's not a fun job.

  • Like 2
Link to comment
Share on other sites

securitybreach

Well done E-Bay, I am dead impressed with the service they gave. :hug:

 

Ebay is fine. Now Paypal.... that's a whole different story. (I was charged double back in 2004 for $300 and they never made it right)

Link to comment
Share on other sites

I complimented both of the support people throughout the two conversations. I could tell, with my experience doing Tech Support way back when, that the first person was possibly at the end of the rope, though stayed professional throughout. The second person was cool and cheerful while resolving the issue - adding my ISP's IP address to the 'trusted' address list.

 

The support was coming from the Philippines. I have known for some time now that a lot of companies have shifted their support from India to the Philippines. I have worked in Sillycon Valley with a lot of Indians and have known and worked with Filipinos in other locales before. I have nothing but compliments to say about the help provided by the Filipinos.

 

Re: eBay - last week eBay credited my bank account (here in Germany, you register your bank account with eBay for payment of sellers' fees, not a credit card since many Germans have not had credit cards until recently) with 1 cent. No idea why. I have not sold on eBay since last August.

 

And, out of the blue, I got an email at midnight (00:00) Tuesday from eBay.com --

 

"Thanks for consistently delivering exceptional service to your buyers. We're here to provide you a marketplace where you can sell with confidence. That's why we've taken the following steps during the past month to protect your account:"

 

"Upgraded 1 of your detailed seller rating(s) to five stars"

 

Again, no idea why since I have not been doing any selling between August 2014 and this new listing which started this 'security' issue. Has eBay been sold to Microsoft? Sounds like the 'boys' from Redmond.

Edited by macdunn
  • Like 1
Link to comment
Share on other sites

To be honest, I already dumped the Message Center contents and I do not remember what came in. Here is the actual eMail as saved by my eMail client - Eudora --

 

X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on a.spam.sonic.net
X-Spam-Level:
X-Spam-Status: No, score=-20.0 required=1.0 tests=DCC_REPUT_00_12,DKIM_SIGNED,
    DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H3,
    RCVD_IN_MSPIKE_WL,RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_SAFE,RP_MATCHES_RCVD,SNF4SA,
    SONIC_REFERENCE_ID,USER_IN_DEF_DKIM_WL autolearn=disabled version=3.4.0
X-Spam-SNF-Result: 0 (Standard White Rules)
X-Spam-MessageSniffer-Scan-Result:
X-Spam-MessageSniffer-Rules:
    0-0-0-19314-c
X-Spam-GBUdb-Analysis: 0, 69.12.221.245, Ugly c=1 p=-0.528275 Source Normal
Received: from i.mx.sonic.net (a.spam-proxy.sonic.net [69.12.221.245])
    by d.spam.sonic.net (8.14.4/8.14.4) with ESMTP id sA4N0tgJ024051
    (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
    for ; Tue, 4 Nov 2014 15:00:55 -0800
Received: from mxslcpool25.ebay.com (mxslcpool25.ebay.com [66.135.215.91])
    by i.mx.sonic.net (8.14.9/8.14.9) with ESMTP id sA4N0sma031399
    (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
    for ; Tue, 4 Nov 2014 15:00:55 -0800
Received: from slc4b03c-a139.stratus.slc.ebay.com (slclb69.slc.ebay.com [10.89.178.12])
    by mxslcpool25.ebay.com (8.14.4/8.14.4) with ESMTP id sA4MxPCo000387
    for ; Tue, 4 Nov 2014 16:00:53 -0700
X-DKIM: Sendmail DKIM Filter v2.8.3 mxslcpool25.ebay.com sA4MxPCo000387
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=ebay.com; s=dkim1k;
    t=1415142053; bh=UHb7bLD33rf50S4zupd4NLp6mDw=;
    h=From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type;
    b=fDzwBRyzYoUMqdhr0RJwSouktZDhAb8XtVyIFR/wznFbMkd2qxwKfb+psJtpou4DJ
    Z3m+JdmFbGmpRdTt+v6sQ4Q9khUKwqKIp0S/guiNwCFnVK4/XaOHjO9atqK8onwUWH
    WB/qHVhCdZDyZ61m6bM2JpJ+e3wLvsCJY1H2vqak=
Date: Tue, 4 Nov 2014 16:00:53 -0700
From: eBay
Reply-To: ebay@ebay.com
To: sheldunn@sonic.net
Message-ID:
Subject: We've protected your selling account
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_Part_30696651_2116845100.1415142053578"
ReplyTo: ebay@ebay.com
X-eBay-MailVersionTracker: 897.17243231
X-eBay-MailTracker: 13215_2504.897.0.0.dfc90f3bc9f8456c9693b794fb942315
X-Orthrus: tar=0 grey=no co=US os=Linux/3.1-3.10/1 spf=pass dkim=pass

 

Go to your Seller Dashboard for details, Sheldon.

eBay

 

We've protected your selling account

 

Hi Sheldon,

 

Thanks for consistently delivering exceptional service to your buyers. We're here to provide you a marketplace where you can sell with confidence. That's why we've taken the following steps during the past month to protect your account:

Upgraded 1 of your detailed seller rating(s) to five stars

 

We've already updated your seller dashboard to reflect these changes, which are for transactions made during the past year. When we remove transaction defects, your transaction defect rate may not go down if you had transactions that received more than one defect.

 

We'll continue to improve our monitoring, detection systems, and policies to protect sellers like you. To see these updates, go to your Seller Dashboard.

Go To Seller Dashboard

Email reference id: [#dfc90f3bc9f8456c9693b794fb942315#]

eBay sent this message to Sheldon (sheldunn). Learn more

Why am I receiving this email?

You are receiving this email based on your eBay account preferences. If you'd rather not receive these emails, click unsubscribe.

eBay is committed to your privacy. Learn more about our privacy policy and user agreement.

© 2014 eBay Inc., 2145 Hamilton Avenue, San Jose, CA 95125

Edited by macdunn
Link to comment
Share on other sites

One thing stands out in the HTML code of the eMail (I was going to post the entire eMail here, but since it is loaded with HTML tags, it cannot be posted, however here is the header before the HTML code, note the very first line - "From ???@??? Wed Nov 05 10:36:39 2014" - everything else seems legit) --

 

From ???@??? Wed Nov 05 10:36:39 2014
Return-Path: ebay@ebay.com
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on a.spam.sonic.net
X-Spam-Level:
X-Spam-Status: No, score=-20.0 required=1.0 tests=DCC_REPUT_00_12,DKIM_SIGNED,
    DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RCVD_IN_DNSWL_HI,RCVD_IN_MSPIKE_H3,
    RCVD_IN_MSPIKE_WL,RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_SAFE,RP_MATCHES_RCVD,SNF4SA,
    SONIC_REFERENCE_ID,USER_IN_DEF_DKIM_WL autolearn=disabled version=3.4.0
X-Spam-SNF-Result: 0 (Standard White Rules)
X-Spam-MessageSniffer-Scan-Result:
X-Spam-MessageSniffer-Rules:
    0-0-0-19314-c
X-Spam-GBUdb-Analysis: 0, 69.12.221.245, Ugly c=1 p=-0.528275 Source Normal
Received: from i.mx.sonic.net (a.spam-proxy.sonic.net [69.12.221.245])
    by d.spam.sonic.net (8.14.4/8.14.4) with ESMTP id sA4N0tgJ024051
    (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
    for <sheldunn@lds.sonic.net>; Tue, 4 Nov 2014 15:00:55 -0800
Received: from mxslcpool25.ebay.com (mxslcpool25.ebay.com [66.135.215.91])
    by i.mx.sonic.net (8.14.9/8.14.9) with ESMTP id sA4N0sma031399
    (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
    for <sheldunn@sonic.net>; Tue, 4 Nov 2014 15:00:55 -0800
Received: from slc4b03c-a139.stratus.slc.ebay.com (slclb69.slc.ebay.com [10.89.178.12])
    by mxslcpool25.ebay.com (8.14.4/8.14.4) with ESMTP id sA4MxPCo000387
    for <sheldunn@sonic.net>; Tue, 4 Nov 2014 16:00:53 -0700
X-DKIM: Sendmail DKIM Filter v2.8.3 mxslcpool25.ebay.com sA4MxPCo000387
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=ebay.com; s=dkim1k;
    t=1415142053; bh=UHb7bLD33rf50S4zupd4NLp6mDw=;
    h=From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type;
    b=fDzwBRyzYoUMqdhr0RJwSouktZDhAb8XtVyIFR/wznFbMkd2qxwKfb+psJtpou4DJ
    Z3m+JdmFbGmpRdTt+v6sQ4Q9khUKwqKIp0S/guiNwCFnVK4/XaOHjO9atqK8onwUWH
    WB/qHVhCdZDyZ61m6bM2JpJ+e3wLvsCJY1H2vqak=
Date: Tue, 4 Nov 2014 16:00:53 -0700
From: eBay ebay@ebay.com
Reply-To: ebay@ebay.com
To: sheldunn@sonic.net
Message-ID: 9e8da160-8b15-4039-97c9-8d149382aff8@slc4b03c-a139
Subject: We've protected your selling account
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_Part_30696651_2116845100.1415142053578"
ReplyTo: ebay@ebay.com
X-eBay-MailVersionTracker: 897.17243231
X-eBay-MailTracker: 13215_2504.897.0.0.dfc90f3bc9f8456c9693b794fb942315
X-Orthrus: tar=0 grey=no co=US os=Linux/3.1-3.10/1 spf=pass dkim=pass

 

Edited by macdunn
Link to comment
Share on other sites
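
The header dump in the post above can be read mechanically: which outside host handed the message to the recipient's own provider, whether the DKIM signing domain matches the From domain, and what the provider's filter recorded. This is an added example, not part of the original post; the header text is an abridged copy of the lines above (angle brackets around the From address restored as an assumption), and `check`, `under`, `MY_PROVIDER` and `EXPECTED` are names made up for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged from the headers in the post; folded lines indented, DKIM b= value omitted.
RAW = """\
From ???@??? Wed Nov 05 10:36:39 2014
X-Spam-Status: No, score=-20.0 required=1.0 tests=DCC_REPUT_00_12,DKIM_SIGNED,
    DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE autolearn=disabled version=3.4.0
Received: from i.mx.sonic.net (a.spam-proxy.sonic.net [69.12.221.245])
    by d.spam.sonic.net (8.14.4/8.14.4) with ESMTP id sA4N0tgJ024051
Received: from mxslcpool25.ebay.com (mxslcpool25.ebay.com [66.135.215.91])
    by i.mx.sonic.net (8.14.9/8.14.9) with ESMTP id sA4N0sma031399
Received: from slc4b03c-a139.stratus.slc.ebay.com (slclb69.slc.ebay.com [10.89.178.12])
    by mxslcpool25.ebay.com (8.14.4/8.14.4) with ESMTP id sA4MxPCo000387
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=ebay.com; s=dkim1k;
    h=From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type
From: eBay <ebay@ebay.com>
Subject: We've protected your selling account

"""
MY_PROVIDER = "sonic.net"   # the recipient's mail provider, as shown in the headers
EXPECTED = "ebay.com"       # the domain the message claims to come from

def under(host, base):
    host = host.lower().rstrip(".")
    return host == base or host.endswith("." + base)

def check(raw):
    # The leading "From ???@???" line is an mbox-style separator stored by the
    # mail client, not a transmitted header; the parser keeps it as unixfrom.
    msg = message_from_string(raw)
    from_dom = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    dkim = dict(t.strip().split("=", 1)
                for t in msg["DKIM-Signature"].split(";") if "=" in t)
    # Received lines are newest first. Only hops stamped by our own provider are
    # trustworthy; take the first one whose connecting host is outside it.
    handoff = None
    for hop in msg.get_all("Received", []):
        m = re.search(r"from\s+\S+\s+\((\S+)\s+\[([\d.]+)\]\)\s+by\s+(\S+)", hop)
        if m and under(m.group(3), MY_PROVIDER) and not under(m.group(1), MY_PROVIDER):
            handoff = (m.group(1), m.group(2))
            break
    verdicts = set(re.findall(r"[A-Z][A-Z0-9_]+", msg["X-Spam-Status"].split("tests=")[1]))
    d = dkim.get("d", "")
    return {
        "separator": msg.get_unixfrom(),
        "from_domain": from_dom,
        "dkim_aligned": under(from_dom, d) or under(d, from_dom),
        "dkim_algorithm": dkim.get("a"),
        "handoff": handoff,
        "handoff_in_expected_domain": bool(handoff) and under(handoff[0], EXPECTED),
        "receiver_says_dkim_valid": "DKIM_VALID_AU" in verdicts,
    }
```

Everything below the hand-off hop, and any verdict header not added by the recipient's own provider, is supplied by the sender and carries no weight in this check.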

Guest LilBambi

Yes, I never respond or click on anything in emails from eBay. We have a safe way to deal with messages via the website or if on phones, eBay app.

 

At the very least I make sure I got the same message in my eBay account messages area.

Link to comment
Share on other sites
