Man of Honour
Well, this is something I never thought I'd be posting!
Earlier today I received three emails thanking me for some eBay purchases. I initially thought they were scam emails, as they usually are, the "click link x to vie order details" sort But the source and emails were in fact genuine.
I logged into eBay, and saw that three orders had been placed totalling £133.93. The cheapest was a £4.50 odd "Sexy Women's Summer Bandage Bodycon Evening Party Cocktail Club Short Mini Dress", and the most expensive being a BOSCH air flow meter for a car at £90+P&P. The second item was also a dress, but not the sexy kind. I guess some days you just don't need to feel sexy.
I immediately changed my eBay password, and noticed that security questions were not enabled. In fact I don't think I ever enabled these when the function became available years ago, but my password was a secure one. I can only imagine that someone brute forced it due to the account not having security questions set, and they were able to pay for the items using the automatic checkout via PayPal option (now disabled).
Kudos to both PayPal and eBay though. I phoned them both, and they instantly flagged the transactions, blocked the device used to log into my eBay account.
My PayPal and email accounts are both secured via two step auth, but eBay doesn't have this feature, security questions is about as secure as it gets. Luckily, the culprit only made those purchases and didn't change any account details (I get emails for any changes to the account anyway). The delivery addresses at checkout for all three items were to a flat in Aberdeen.
So, can we assemble a letterbox army and destroy this vile beast with chocolate?
For what it's worth, I have had eBay/PayPal since 2001, and have always had a pleasant experience. Today's incident hasn't changed that feeling as it has shown me how quickly and effectively both of them deal with such issues.
Earlier today I received three emails thanking me for some eBay purchases. I initially thought they were scam emails, as they usually are, the "click link x to vie order details" sort But the source and emails were in fact genuine.
I logged into eBay, and saw that three orders had been placed totalling £133.93. The cheapest was a £4.50 odd "Sexy Women's Summer Bandage Bodycon Evening Party Cocktail Club Short Mini Dress", and the most expensive being a BOSCH air flow meter for a car at £90+P&P. The second item was also a dress, but not the sexy kind. I guess some days you just don't need to feel sexy.
I immediately changed my eBay password, and noticed that security questions were not enabled. In fact I don't think I ever enabled these when the function became available years ago, but my password was a secure one. I can only imagine that someone brute forced it due to the account not having security questions set, and they were able to pay for the items using the automatic checkout via PayPal option (now disabled).
Kudos to both PayPal and eBay though. I phoned them both, and they instantly flagged the transactions, blocked the device used to log into my eBay account.
My PayPal and email accounts are both secured via two step auth, but eBay doesn't have this feature, security questions is about as secure as it gets. Luckily, the culprit only made those purchases and didn't change any account details (I get emails for any changes to the account anyway). The delivery addresses at checkout for all three items were to a flat in Aberdeen.
So, can we assemble a letterbox army and destroy this vile beast with chocolate?
For what it's worth, I have had eBay/PayPal since 2001, and have always had a pleasant experience. Today's incident hasn't changed that feeling as it has shown me how quickly and effectively both of them deal with such issues.
Last edited:
