eBay account hacked

[Tinkers]

I've just found out that my eBay account was hack about a month ago and someone was selling batteries through my account. Given th number of messages I'm guessing most if not all have never received their batteries.
Whoever did it had changed the email address on my account and the phone number.

I've changed my password, changed the email address back, phone number and updated the security questions (not sure I ever did this before, I don't think I did).

I rang eBay, who were very helpful. They've advised that I also change my PayPal account password and email password (also now done). They will contact the hundreds of people who have tried to buy from the hacker.

I only noticed because I'd ordered something and never got an email through.

Going through my settings the hacker wouldn't allow payment by PayPal (I'm guessing because it would have gone into my account) so be wary of sellers who don't accept PayPal.

So if you have an eBay account, take 5 minutes to check.

[mike1880]

Changing the subject slightly: if, like me, you've been in the habit of re-using the same username and/or password across a swathe of sites I'd suggest that now would be a really good time to stop doing it. And I'd recommend everyone to visit the following website which collates the data stolen in various hacking events and can tell you whether your details are included:

https://haveibeenpwned.com/" onclick="window.open(this.href);return false;

My details were stolen in the 2012 LinkedIn attack but only turned up online in 2016, so there was 4 years when any account where I used the same details could have been taken over without me even knowing there was a risk. Which might explain why Amazon emailed me a few months ago to tell to me to change my password immediately because they'd found my username and password on a website (I must admit, I'm quite impressed that they were actively checking! On the other hand, after years of ignoring phishing emails telling me I need to change this or that password, it took quite a mental effort to accept it was genuine and do something about it ).

[Tinkers]

I'm currently going through various accounts etc and changing the email address, as it's likely my email address was hacked. That leaves you open to hackers getting into anything as password resets get sent to your email.

I've switched on two step verification for Amazon as well.

Someone tried to hack my iTunes account but failed a few months ago. I needed to jump through a few hoops to get around that one. Which is a good thing but annoying.

ETA I checked using the website you mentioned. MySpace seems to have been my downfall. Never even used it, just created an account.

[Sally-Anne]

Changing the subject slightly: if, like me, you've been in the habit of re-using the same username and/or password across a swathe of sites I'd suggest that now would be a really good time to stop doing it.

A password vault like LastPass will generate strong passwords and store them safely. It will also warn of duplicate passwords if you prefer to choose your own.

The only thing you have to remember is the master password.

[Tinkers]

I've started using something similar, mainly because I couldn't remember the weird and wonderful user names some banks etc. Give you.

Even then I don't put in the real password, just a code that will remind me what the password is.

The other thing I do is deliberately misspell the answers to security questions. That way even if someone determined figured out the middle name of my second next door neighbours dog or whatever, they still wouldn't get past that.

[Amber]

Changing the subject slightly: if, like me, you've been in the habit of re-using the same username and/or password across a swathe of sites I'd suggest that now would be a really good time to stop doing it.

A password vault like LastPass will generate strong passwords and store them safely. It will also warn of duplicate passwords if you prefer to choose your own.

The only thing you have to remember is the master password.

Apart from the total lack of memorability of these (I get safari generated ones and also have 1Password), often they don't generate passwords which are acceptable to certain sites. My work email for example needs an uppercase letter, a number, a character, turn round three times and touch your toes, you know the kind of thing, which a lengthy random list won't do.

I tend now to use a phrase - today's one reflects the frustration I felt after spending 35 minutes 'live chatting' with someone on the subcontinent after the failure of my attempts to reset a password on an account Mike's gizmo told me had been hacked. Things like 'can'tstandanothermomentofthis' make very secure passwords.

[Tinkers]

I've gone for longer passwords and starting using capitals, numbers and special characters even when not required. However I tried to change my normal email address password and it limited me to less characters and no special characters.

Slowly working my way through.

[mike1880]

I changed all my passwords after the Amazon email and can no longer remember any of them (I now use short phrases with lots of abbreviations/punctuation/numbers from the data tables in a technical book, a method which can be tailored to suit the foibles of any site) so I've been contemplating password safes for a while. However, there's an argument there that I'm not ready to have yet with the petulant technophobe that would need to know what to do if I go under a bus tomorrow.

Ironically the LinkedIn password that probably caused all the trouble in the first place changes every time I log in because I can never remember it and have to reset it every time

[quasimodo]

I was called by my eldest dd from Rhodes who is on holiday with friends following her finals exams with news her e bay account has been hacked from Russia.They have changed all her settings and have taken over the account.They attempted to use it.Luckily without success from what we can ascertain so far.She has been on the phone to e bay who have been advising her and her Bank have been made aware and the account and card attached to it shut down.Luckily she has enough funds with her for the next couple of days before she comes back.

I am presently running virus scans on the home lap tops and computer which have so far proved negative and then will be making wholesale changes to security with the advice of the youngsters in the family who are more computer savvy than I am.

So another attack through e bay please be aware and be cautious.

[Tinkers]

eBay advised me to change my email account password and PayPal account password, as it was possible they got the info from my email account.

Not only did I do that, but I changed the email address I used for eBay, PayPal and a number of other sensitive things.

The hacker was using my account to 'sell' stuff rather than to buy stuff, so I wasn't losing money, they were just getting money from other people. They had changed the settings so buyers couldn't use PayPal and had to use a credit card to pay. I'm now very wary of anyone on eBay who doesn't accept PayPal and won't buy from them.