OT: ebay Store Hacked
 

The following might be long winded, but it's actually the short version of what happened to my eBay store.

A few days ago, I logged into my eBay account to process some orders and I was not able to log in. It turns out that someone actually hacked my account and changed the password. They also forwarded any money that I received from sales directly into one of their accounts.
In addition, they hacked my Paypal account and transferred money to another person.

Finally, they hacked my Xfinity mail account and forwarded all of mail to another eMail account. In addition, they placed a rule which would forward all of my mail to another account if the subject contained “bay”.
By taking over my mail, they were able to change the password on eBay & Paypal. All they had to do was respond to the confirmations that were sent.
I spoke to Paypal and they put a stop on all the transactions They also walked me thru to set up a more secure login by using two step authorization when logging in.

I spoke to eBay and Xfinity and they pretty much did the same thing. Xfinity said that they would escalate it and have some one call back. No one ever did.
The next day, I was hacked again even though I had 2 step authorization set up.
I called Paypal but was on hold for over 45 minutes and never got thru.
I called Xfinity and asked how did they update the autoforward field (automatically forwards my email to another account). They said that they need to see it actually populated. I explained to them that I deleted it as soon as I saw it. They said they would look into it and have someone call back. Never called.

Now here’s the best part. During this round of hacking to eBay, the hacker changed all of my personal info. Address, email, phone #, bank info, etc. I called eBay, and asked how can this happen if I set my account up with 2 step authorization. They said the hacker must have got in before I changed it. They walked me thru everything that I need to fix. They did some updates on their side. When they completed their part, I told them to hold on while I tried logging into eBay. I was able to log in but my store was no longer there. The eBay agent said that it will appear within the hour.
Well, the store never appeared again. Once again, I called eBay and they said that they closed my store and deleted all my listings. I asked “why the
f—k did you do that without telling me. They said it was done to protect my account. They also said that I would need to create the store from scratch and relist almost 300 items. In addition, they deleted all past sales records. So, any customer that won an item over the last week and have not paid actually has no record of that item.

While on the phone with eBay, I received an eMail saying that eBay settled a case in favor of the buyer. I said to myself, "Now What?". Since I was on the phone with eBay, I told them about this eMail that I just got. I was not aware of any case. Apparently, a buyer from Canada claimed that they did not receive an item. They just happened to open a case while I was on the phone. with eBay. So, eBay awarded them the full amount without giving me a chance to respond. The reason they did that was because my account was compromised. It has only been a week since I shipped the item. I didn't even get the opportunity to address it. I made a big stink about it to the agent and they said that they are going to refund the money to both the buyer & me. So, the buyer gets his money back plus a free card.

After discussing the buyer case, the ebay agent said that they would restore the sales record within 24 hours. Well, 24 hours passed and they never did. Called them again last night and was told it would be done again in a few hours. It’s been 14 hours and nothing.
So, now I am relisting all of my items. Also, trying to explain to my customers who had their bids wiped out what happened. The hardest thing to do is explain to those who have won items and now have no record of it.

All I can say is that anyone who hacks someone’s account should burn in hell.

eBay’s customer service SUCKS!

After this experience, I question myself and say why do I continue in this business? Is the aggravation worth it? There is absolutely no support from eBay, Paypal & Xfinity.

So sorry to hear Howard. I would have lost it. I’d be just as pissed at eBay as the hacker!

Wow, that's awful Howard. Sorry that happened to you. I think that particular nightmare is in the back off all of our minds. It could happen to anybody.

:mad:

I never thought that I would be on the receiving end of a hacker. I thought I had my accounts and desktop protected but I guess they can always find a way in.

As much as I hate these f---ers that did this me, I am just as pissed off with the customer service reps that I spoke to. I have done a fair amount of business over 18 years and have paid my dues to eBay & Paypal. Yet, they treated my issues like it was nothing.

Just imagine, you wake up one morning to see that your Paypal account has been compromised. Somebody has been taking your money. You then try calling Paypal and you deal with an automated response system that takes you in circles until you finally think that you are getting thru and are left on hold for 45 minutes.:mad::mad::mad:

Take Care of Your Health
 

As others have said, I am sorry this happened to you.
But please remember that your health is number one, both mental and physical.
Writing down what happened to you is an excellent way to get it out of your system. You can't let the hacker cause you to lose sleep, not eat, or take it out on your loved ones.
I know it is easy for me to say as an outsider but "this too shall pass."
Peace and best of health.

P.S. I am not a doctor but I do play one on tv!

Howard, I would go to the three credit bureaus and freeze your credit. I would also change all passwords to everything, especially bank accounts (including PayPal) and get new credit cards. You want to make sure that this problem is confined to eBay and does not grow to other areas in your life.

Good advice but easier said than done. At first I was pissed off and ready to track down these hackers. But then I said I was knocked down but not knocked out. Life goes on with or without these scummy people in our lives.

Good advice. I already started that process.

Yes - do this.

Where everyone can, people should set up log-ins with a backup such as your cellphone. When I log in to those places, I get a message on my phone for secondary approval. I have that with facebook, google, bank, etc. Makes hacking so much harder. They can't just guess a password, but need your phone too.

I did have it setup this way, yet I was still hacked. It does make it more difficult but some of these hackers are professionals who know every trick in the world.

Fyi
 

I would do all of the suggestions above on a different computer. It’s possible that they hacked into your PC!!

^ ^ ^ ^
Yes, this.

I feel for you Howard. Had the same thing happen a few years ago.:(

Sorry this happened Howard
 

I have been an Ebay seller since 1998 and I can join you loud and clear on 1 point:

eBay’s customer service SUCKS!

I think they have "farmed out" most of it and the head is clueless what the tai is doing!!

Ebay customer service - a new oxymoron!

Oh, man. That is terrible. I'm so sorry to hear it.

Howard, I feel your pain.

Just about a month ago, somebody hacked my email. And because this person had access to my email, he used it to gain access to my Paypal. All he had to do was tell Paypal that he forgot the password and they sent to my email account a temporary password that he used. He added phone numbers to my Paypal account and made a few payments using my Paypal funds to websites I have never heard of - video game websites? He also deleted the Paypal emails sent to my email account. However, you can recover recently deleted email, and that's how I found all the emails he deleted while I was asleep. I found some emails in Russian as well - fucking bastards.

Anyways, the next day I tried to get into my Paypal account, and I couldn't. I was like "what the hell is this shit?" So, I had to reset the Paypal password, and then once I got into my Paypal account and saw what this fucker did, I was like "holy shit! I've been hacked!" I never thought it could happen to me because I always considered myself to be one of the "smart guys," but boy was I wrong!

I phoned up Paypal and was put through with a rep in a few minutes. They were very professional and refunded back the unauthorized payments within a few hours. I changed my Paypal password and my email password. I also changed all my online banking passwords, although none of them got hit. You want your passwords to be long and also use a combination of numbers, as well as letters (lower and uppercase.) You can use symbols as well. And finally, my buddy (who works in computer networking or security?) told me that I should check out KeePass. KeePass is an open source password manager. You can download it for free from their website. It's a bit difficult to understand, and so you can watch those awesome tutorials found on YouTube.

Your experience sounds so much like mine. Once they hack your eMail, they can do some serious damage. I was already using some very long passwords with all sorts of combinations.
I still wonder how they got my passwords unless some malware was installed on my PC that copied my keystrokes.
I did have a service clean up any malware after I was hacked.

Do not trust Paypals 2 factor authentication.

I had that happen to my paypal account about three years ago. First time they got access to my email, which allowed the hijacking of paypal They sent money to someone in Africa somewhere(I forget the country)

Paypal said it was "normal" activity....
Had to get the bank to reverse it, except for some reason they had to let the fraudulent transaction complete first.. WTF!!

Changed all passwords, moved Paypal to a different email. Setup 2 factor.

Two weeks later, same thing, except they deleted the emails about paypal off the server so I didn't get them. That super safe 2 factor authentication? They sent a text asking if we really wanted to send money to Mozambique or wherever it was. AT 3 AM.... and after they didn't hear back for a couple hours they let it go through with out approval.

2 factor authentication is worthless when it's done the way Paypal does it.

Paypal acct.
 

Was your issue using Ebays new management system since sales funds aren't transferred to Paypal anymore ?

This is cold comfort, but the system itself has major vulnerability since 2FA utilizes an inherently unsecure and easily cross-referenced point of entry for hackers-our phone numbers. It's still more secure than not having 2FA, but improvements are needed.

I posted on Net54 this year a thesis that 2FA tied to your device, not your phone provider account, is in fact what was originally intended. Slowly, creakily, the tech world is headed in that direction with apps like Authy that provide a push notification you simply allow or deny access with. Paypal recently added it so I highly recommend adding it there. Cryptocurrency heists are driving the evolution in identity theft security solutions.

You should run your email through the "pwned" searcher to check if it's been caught up in a data breach. The best course of action if it comes back red, unfortunately, is to abandon the account.

https://haveibeenpwned.com/
https://net54baseball.com/showthread.php?t=296679
https://authy.com/blog/two-factor-au...tter-security/

When the dust settles I would set my target on the hacker... You already have a bank account number and cell number... Might as well file a police report and see what happens..

Both of them are probably unwitting intermediaries.
Steal money from one Paypal account, send it to another compromised account. Enough iterations, and it's unlikely someone at PP will follow it all the way to the actual scammer.

Howard, as they say, this situation this situation is unacceptable, but the very parties that should have come to your aid failed miserably. I feel the raging bull market in sports cards has led to a large jump in hacking activities. And Ebay/Paypal is ill-prepared to fight it. I no longer consign to Ebay and am very selective with sellers to bid on items*of interest. Truly a time of Caveat Emptor.

Howard is good people good luck octavio

I appreciate all the advice that you guys have given me both on the board and privately.

I pretty much got my store back to what it was before the scum came in and compromised my account.

Here is the summary on how each company dealt with my issues.

Paypal recovered the $1,500 that was withdrawn from the account. My account is still limited but I don't care because I really don't use it anymore. Tried calling them when my password was changed a second time but spent 45 minutes on hold without being able to speak to a human being. So, I hung up.

eBay failed miserably in this situation. They closed my store and deleted all my items without warning. When I asked why they did this I was told that it was for security reasons. I asked if they had a backup so that they could retrieve my items. They said no. Also, told me that I would need to recreate the store from scratch. I asked them what about the 300 store categories that I have created. They said that I would need to recreate each one. That was false because store categories were left untouched.

eBay also deleted 19 orders that were pending payment. These orders were from items that were won prior to the hacking. I asked them why did they delete it. Their answer, I don't know. For 3 days, 3 different eBay dummies told me that they would restore the items and it would be back in 24 hours. Each day, I checked it was not restored. Each time I was told the same thing. Finally, spoke to someone who spoke English on the last day who said that she would research it and call me back. Never called back!

Tonight, I have to tell the winners of each one of these items that their winning items have been cancelled by eBay. I would offer them the cards outside of eBay, but eBay would add a defect to my account if caught. That they are good at doing.

Finally, Xfiniity failed miserably also. Each time, my account was updated by the hacker, they said that they would escalate it and have someone call me back. Not one call back. Finally the last ahole said that they need to see the issue before he can escalate. I need to call back when it happens again. This is after I already called them about 5 times.

So, to sum it up. The companies that say that they are so concerned about the security of your account really do not give a crap.

It's time for me to move on and do what I came here for. That is sell baseball cards. I truly believe that what goes around comes around. These hackers will get it in the end.

Since each post should have a card and I am talking about hackers, I added this one.