It's scary to think of what people will do to ruin a good thing for everyone. It only takes one person and things can change for everyone. Oh the price of freedom.

Why can't the people realize that there are other internet auctions sites and start moving away from Ebay's power over internet auctions. Due to Ebay having the 'monopoly' on auctions, I have moved to Overstock and Goodwill and Bid auctions.

Both Ebay & Half.com are now rife with Bootleggers of DVD's and counterfeit goods. Ebay is largely at fault for not taking action to close these accounts even when they are reported. The same goes for the reported Ebay Phishing/Spam Web Sites. More than once I find theses reported Ebay Phishing Web Sites are still up and running even weeks after they have been reported to Ebay. Both Homeland Security(US Customs) & Law Enforcement really need to investigate Ebay's business practice, and to find out why they allowing a series of continual and non-stop fraud to be practiced on Ebay.

EBay can deny account takeovers all they want; however mine was taken over, and Ebay is not an esay company to deal with.

This explains why we have not been able to get eBay and PayPal to investigate why we have not received the books we recently purchased. Good bye eBay, it was fun while it lasted.

EBay could possibly be less vulnerable if they improved both customer service and dispute resolution by making their services more accessible by telephone.As it is most often queries are usually addressed by form email that usually does not even address the question aked.

Excellent Article. Have been hearing stuff through the grapevine/message boards for awhile now: This is the most accurate piece of writing I've seen regarding this problem with identity theft on Ebay in some time. Kudos to Mr. Sullivan!

Phishing is a HUGE issue and it is very easy to believe that this is the source of the problem. Millions of messages are sent each day wanting usernames/passwords that show up as fake sites. If 1% of those respond to a scam like that, that is a pretty good supply of username and passwords to use. As your spam blasts become more common, the likeliness of fraud increases as well.

EBays days are numbered. Meg and Pierre only care about money. They have the worst customer service of any company on this planet.If you hold EBay stock, SELL IT NOW. If you knew what I knew you would be scared to death...

Wow - and this all from a company that just completed a buyout of the ticket reseller Stubhub... How long until my Stubhub account is compromised?

I do not feel sorry for eBay. I was a seller and also a buyer. A seller in Canada began attacking me over a money order that was slow to arrive. He finally received it, but in the meantime, he attacked me with viscious, insulting, profane,demeaning emails. As he was, and still is, a BIG seller on eBay, they looked the other way rather than diciplining him. Although I reported his activities to their customer help line, they refused to protect me. Money was all they cared about. In all my business with eBay, I was a perfect 100% rating. I deserved a little respect and care.

eBay is rife with serious problems. Listings of counterfeit items by the same hackers or thieves are so obvious a grade schooler can spot them. Reporting these listings to eBay may result in the listing being removed. But it seems to end there as the same items with the same foreign email "for questions" appears quickly and at times identical multiple listings are on eBay. If some poor soul pays with eBay's PayPal and the crooks send even an empty box with Delivery Confirmation number, the victim will spend many hours over a long period of time to try to get their money back under PayPal's much vaunted "Buyer Protection" (empty) promise. Even glaring proof of listings on a hijacked account can't make them move any faster than molasses in winter. Chinese email accounts for a seller living in Nebraska should be a strong hint that something might be amiss. But that escapes eBay continuously.

eBay has grown too large too quickly. Quality assurance is a non sequitir with them. And they either do not care or do not know how to improve their services. Having recently canceled my longtime accounts with both companies I believe it's a combination of the two. Their canned e-mail replies just don't cut the mustard.

Last year items were posted for sale using my sign-on. I even received a bill from ebay. When I contacted them (they don't make that easy)to complain they said to close the account. I asked how could this happend since nobody has my ebay password and I had not even signed-on in a year, and they had NO explanation. I later found out mine was not an isolated problem. Ebay and hacker problems go together like peanut butter and jelly.

Welcome to globalization. Americans are forced to play by one set of rules in America while people from all the other countries are allowed to play by no rules and steal Americans blind. The corporations and politicians just continue to lie and deceive all and want to convince everyone that there isn't a problem. I figure by tomorrow, Vlauduz will be made a legal US citizen, He'll learn Spanish (our national language) by the week after, open another Mcdonalds in the States (with all the money he has stolen) then hire Illegals to work pennies per hour (while the rest of Americans have to pay for their social costs) to peddle the worthless carbs and fat to the overfed cows...I mean American people....and then the American people can go for their after Big Mac Meal Smoke outside of Mcdonalds (shivering) as they inhale the highly addictive agents in the cigs that Phillp Morris claims is not addictive. In about 3-4 weeks I figure Vladuz will have taken all his illegal EBay stealings and all his Mcdonalds earnings and be pouring them into Phillip Morris stocks. He won't have to worry about any Lawsuits because Bush and the congressional whores will be covering for Vladuz and the deceitful CEOS so they can make their billions....and should Vladuz want to open more Nasty Mcdonalds on every corner so the Mcdonalds nasties can litter every street corner with their cigarette butts, he can always call my worthless congresswomen, Judy Biggert , and let her know he needs more illegals to exploit. See, worthless Judy Biggert, uses the tax money of her constituents to hire people on her staff and have them work soley on serving the needs of illegals in this country so we can have many more people just ike Vladuz come to this country and disregard every law and have legal Americans pay for the Big Macs of the soon to be fat ars-es of the illegals. Tha way all the people like Vladuz who should never have been here in the first place, can rip off legal Americans at an even faster pace. Thanks Judy! .....Ebay, Mcdonalds, Halliburton, Phillip Morris, Britney Spears, Miami Judges, Youtube and on and on.... What would the world do without the Jerry Springer culture of the USA? By the way...anybody hear who won that Ebay auction of the Brittney Spears Red Bull can, cigarette lighter, and hair that Britnney shaved off???? Man, there is some lucky dude out there somewheres. Word.

I was an enthusiastic EBayer until about a year and a half ago. My account was hijacked and Paypal.

A single spelling error on an otherwise flawless Ebay page tipped me off initially. I would use my favorites address to access the site and then go through a normal series of screens on my way to either bidding on or paying for an item.

Somewhere in those screen changes the hacker or hijacker would slip his screens in and then, I was his. The next screen looked flawless, the next step in the transaction was smooth. It was just the next step that I was so used to click and pay. But for two things. The hijacker had a virus at the time that knocked my machine for a loop. And a misspelling. On the authentic looking page.

I lost some money, bought things ersatz, moneys removed from my account without authorization. Sellers bad mouthing my name. Ebay threatening me. Ebay denying all. Paypal denying all. And I, a puppet on a string.

I only escaped this hijacker by doing a complete wipe of hard drive, all passwords, new ISP, new phone, new credit cards and bank accounts, new email provider and ID......... Everything had to be changed.

And it came from Ebay to me. For years I had used the same favorites access. I double checked. But someone had a catchers mitt awaiting me on that end, at Ebay, or hacked through Ebay.

I haven't been back. And if I do, I WILL pay for my items off site. The randomness of this type of money trail is its own security. I don't give a D*** what they tell me any longer.

Dean

There's a pretty easy way to avoid this problem at eBay; don't use the site, or if you do, demand other forms of contact besides email. Personally I don't trust anything I can't physically inspect myself ever since I ordered a laptop from a "supposedly" reputable source at eBay only to find out the computer was stolen. Could we stick to more topics of conversation that really causes a problem for the general public?

I had my account hijacked not too long ago. Also, the thumbnail porno pics offering illegal acts are all over the site. Really disgusting and eBay will not take responsibility for it despite children being exposed to it..

Not very far at all ..!! If he had, there would be huge media headliners all over the place. eBay is SAFE to use and people should not swaet the small stuff.

By the way ..when are you going to write about something interesting ..? Get off the Globby-dah-gook bandwagon !

I have been a member since late 2000 and only use it for personal use. I have bought and sold hundreds of items, again all for personal use. It has been an important part of me saving money on things that would cost sometimes nearly double had I paid retail. But it is now getting to a point where I cannot trust any ebay auction any longer. I have become fairly astute at spotting a phish email or even an auction from a user that has had their account hijacked. My sister uses Ebay for a home based business and has had her account hi-jacked and she follows all of the ‘guidelines’ on protecting your account.

The statement “fraud remains a tiny fraction of the million or so transactions the firm facilitates each day” IMO is a flat out lie. I can go to just about any category and find a seller who’s account had been hijacked and is being used by a scammer. In my experience, it is not just hi-ticket items that are used to extract money from buyers. I have placed bids on items from cell phone batteries to laptop computers and then received a notice from Ebay that the account of the seller had been hi-jacked and the bids have been canceled. When just about every person I know that uses ebay, knows someone who’s account had been hi-jacked, that’s a lot of accounts. It’s like the ‘and they told two friends, and so on….” The end is near for Ebay in my life, and a lot of people I know….it’s a shame.

It would be interesting to know how Baldwin or anyone can spot a fake auction

I was having a significant problem with a "phisher" that appeared to be an Ebayor employee. I forwarded the emails to Ebay. This went on for months. AOL allows me to block objectionable email addresses and turn spam filters on high. This has stopped a lot of it, as well as not lauching Ebay from an email. Initially, whoever was doing this got my login information by unknown means and kept sending me emails of fake Second Chance offers on high ticket items, etc. They looked like authentic Ebay emails. I'm not one of their sellers. It was really scarey.

when i encountered fraud issues on ebay and complained to them they sent pre-written responses back from their foreign customer service providers. they are obviously concerned only with having the appearance of cracking down on fraud. it is a dangerous site to use and i won't get burned again.

This is no surprise. Long-time eBay users know that the site is drenched in fraudulent activity, and that eBay spends more time persecuting its legitimate sellers than it does the phishers and scam artist. Why? Because legitimate users who make simple mistakes (such as unknowingly listing an item forbidden by eBay) are suspended without warning; this makes for good statistics and a good public face, but they have ruined many small businesses with these heavy-handed, publicity-oriented tactics. And this extends to their PayPal portal, PayPal, as well. Just look up PayPal freezes accounts on any search engine. The story is there for the telling. eBay and PayPal's lack of concern for its customers is slowly catching up to it.

This is why, when I wanted to change my e-mail address and e-Bay REQUIRED that I give them a credit card number to do so, I refused. I haven't been on their site since. So, I know when I get e-mail purporting to be from them about my accounts, it's got to be fraudulent.

There are only two groups affected by this issue. The person who had their identity stolen and the person who assumed their purchase was from a reliable source with security in place. Also, as a buyer we all have a false sense of security in ebay as when there is an issue there was no real help other than "You should know that their is fraud". Ebay needs to take responsibility to those affected by fraud on their site. I think they minimize the issue or put blame on the victim. Until has better security and fixes the issues the problem will continue. Ebay's stock will be fine and the consumer's pocketbook will not.

How scary is this? I think it's time to un-register from ebay!

Buying and selling on the internet is past its prime. If you buy on Ebay or Amazon marketplace, getting scammed is the rule, not the exception. I only shop online at websites of major, reputable companies.

Just try to buy a '60's Mustang fastback and you will see a number of seemingly legit auctions. Until you try to ask the seller a question. It is way out of hand and is damaging EBay's fragile credability.

"NO RECENT increase"...I gotta call B.S. on that one. My account was hijacked and I am very fortunate I happened to be logged into eBay at the time to intercept all of the fake auctions the hacker set up on my account. Within 10 minutes there were at least 30 bogus auctions underway and about 300 dollars of fees piling up under my account. I will have to give eBay credit though, one call and all of the auctions were deleted and a prompt fee reversal completed. I did spend the rest of the day changing all of my user names and passwords to every account that touches the internet. You should do that anyway...but even still...you are never really safe, are you????

Having just recieved a fake second chance offer tht included my e-bay identity as well as my personal name and address tells me the problem is bigger than e-bay will admit

I know after an attempt to use my debit card on EBay from someone in Romania for a $369 purchase, which my bank refused to authorize, I got a new debit card & canceled my PayPal & EBay accounts both. I don't trust them any longer.

Ironic....a few short years ago, after going thru a divorce, I went "back" to Ebay to auction off some jewelry (like my wedding rings!) and some other items I wanted to sell, and was stopped (embarrassingly) mid auction by Ebay and basically accused of scamming and/or selling STOLEN property. Keep in mind, I had sold on their site for quite a long time previously and had a high 90's positive rating from the feedback of numerous happy buyers. However, in Ebay's "judgement"....I had suddenly become a thief and a scammer because I had changed my last name (duh.....DIVORCE....to my maiden name....which was also my MIDDLE NAME) and started selling again after a hiatus from selling for a while. They sent me several sudden and suspicious sounding emails wanting things like a copy of my drivers license, copies of my credit card statements and/or copies of banking statements, and proof of purchase/ownership of the items I was selling! I wrote (and called) them to let them know I thought someone was scamming ME by emailing and asking for such information. Alas, it was no joke! The "brilliant" decision makers at Ebay actually wanted me to send them such confidential information because I had changed my last name (which I informed them of that repeatedly). I was willing to provide name change documentation, but wasn't about to send them the extremely confidential information they requested. Nor did I (nor would most people) have receipts for the jewelry my ex-husband had bought me or for items I had purchased during (and prior to) a 10 plus year relationship!! They were rude, unprofessional, accusatory, and so determined to prove I was a crook, that they were beyond comprehension. So, and here's the irony, now it appears they are so busy attacking innocent, legitimate customers, that they let the real scammers and/or thieves get by with the real problems situations. Hmmmmm...Perhaps they should replace those who make the "judgement calls" with people that can pick out the real threats, real problems, and real issues from the innocents!

Gee, someone's finally figuring it out?

About a year ago "someone" stole my login credentials on eBAY and posted 100 fake auctions. They also changed all the notifications so that I wouldn't know they'd been listed.

Now here's the cute part - the password on that account wasn't used anywhere else. My PC is behind a high-strength FreeBSD firewall. It has antivirus, anti-phish and anti-scam software on it, both off-the-shelf and my own proprietary stuff. I've got all sorts of REAL financial records on that machine, yet none of them where stolen and misused. And I have proprietary anti-spam software that blocks ALL of the phishing emails. Only the eBAY account was penetrated.

Now add one other cute thing to this. Within MINUTES of listing a new auction on eBAY, my spam filter gets hits with phish trying to steal my password. But - other than me, NOBODY KNOWS THE AUCTION IS LIVE YET BECAUSE THE INDEX PAGES DON'T REFRESH FOR A COUPLE OF HOURS!

So how did the "hacker" know I listed a new item, UNLESS HE HAS ACCESS TO EBAY'S INTERNAL SYSTEMS AND CAN RUN HIS OWN QUERIES!

Oh, one more thing - there WAS one other place my eBAY password was. On PayPal. PayPal asks you to put it in so that it can refresh the "PayPal logos" on your auctions.

I of course recovered my account and changed the passwords. I also disabled the PayPal linkage, NOT updating the password there, so it can't "stuff" my auctions any more.

And guess what? While I STILL get the attempted phish within minutes, my account hasn't been compromised again.

Coincidence? As FOX NEWS says - "We report. You decide."

At some point on Ebay's systems, whether inside an email account or on a server, users' passwords are being displayed without encryption. Whether the hacker got a server or just an email account, user passwords should never be displayed and should always be protected with a hash or in an encrypted file. Ebay's information security folks should know that.

Geez, this makes Walmart seem like a featherweight!!

Whether online, in store, or from catalogs or a fellow selling stuff out of the trunk of his car...BUYER BEWARE.

I was scammed on Ebay for $8000.00 for a motorcycle that was posted on their web site and was send fake Ebay approvals but never got any help from them what so .ever

My account was hacked. I sent an email to Ebay that I received about my account and was told that it did not come from Ebay. I now have to cancel a couple credit cards and change my bank account. Not happy at all about the trouble that this has caused. I don't even want to deal with Ebay's site anymore. Very upset and disappointed.

I am happy this has happened to eBay. I have claimed fraud several times as a victim and they never did ANYTHING to take care of it.

Last fall I was a victim of eBay theft through Paypal. The theif arranged a purchase through my account to the tune of $1500. The transaction was rounted through a Wells Fargo bank in Africa. I did get my money back from Paypal, after a lenghty investigiation. However I did shut down my eBay account, my Paypal account and I ultimately even broke ties with my bank. A hard decision because I had been with them for many years. I was dupped by eBay and Paypal by believeng I was actually SAFER by "verifying my account", (this is the process of tying your eBay account and Paypal account to your Checking account) as they INSISTED. It was not safer. And YES, something is GOING ON, even if they do not want to admit it.

I think the bigger story is ebay abuse concerning fees for listing. Ebay may in some instance not list your item for up to 8 hours yet you are charged for the full time. In live online chat with them to said that they will in no way refund fees for time posted and that same applied to all clients, at which time I mentioned that they equally disenfranchising all clients. I would like to schedule a live chat again and send you a copy of their response please contact me. This practice results in in Millions in revenue in which in a class action suit we should be re-imbursed

As a frequent eBayer (almost daily), I honestly don't see how some people can fall for these fake auctions. They're so obviously fake and can easily be spotted a mile away. They might have contradictary information within the listing, the "item location" is a filled with a non-existant location, etc.

If you are on eBay and you see a listing that you suspect to be fraudulent, there are links on every aution and "Buy It Now" page to specifically report [suspected] fraudulent listings. Don't hesitate to report anything you would see as odd or suspicious.

I'm surprised that companies haven't set up fake user sites with IDs that the companies can then watch for to catch the thieves when the IDs are phished.

In fact, I find it strange that no one has created an effective anti-phishing program that looks for programs seeking ID information just like anti-virus programs look for computer viruses. There are bound to be certain characteristics that phishing programs have in common.

I have had my identy stolen,twice I have had to change my banking account.All this is from Ebay,I have been notified about people trying to sell items on my account that Ebay has caught.I keep changing my password,and trying to protect myself.I think I am just going to stop!!!.That would be the safest way to protect myself.

I found this article to be very interesting. I had a hacker take over my account at ebay while I was currently on ebay winning an auction. My bid did not go through because I had "changed my password". I knew that I had not changed my password so I tried to login again and my password was not working. So I went to their live help.

The hacker had changed all of my personal account info by one letter or number and he had changed my phone number and email address. He was also able to list over 300 high priced electronics in my account.

The live help person had to contact security. They required me to go in and fix my personal information after I changed my password and user name. They also cancelled all the auction the hacker had listed.

I don't know how it happened because I have never fell for any of that phishing emails. I have never gave anyone my ebay password. Ebay had no idea how this could have happened....I do...I have my answers by reading this article. Thank you for informing us.

As a long time ebay user, I certainly hope that the ebay representative isn't just pacifying us in hopes that this will encourage the business to keep flowing. If there is a problem, and it sounds like there is, ebay would be much better off acknowledging it upfront rather than allowing it to come out later that they were lying to us. If that became the case, confidence would be unshakably broken.

They need to create around 30 thousand fake accounts. Seperate all employees into 30 groups and give 1000 accounts and there information to each group but a different 1000 accounts per group(but not reveal they are fake). If only certain ones get stoelen within a single group then it becomes obvious it's an inside job...if it seems spuratic then it's outside. Tag all the accounts (can even be done with ActiveX controls) and trace to the best of there ability locations. It can be done. People can tag someone elses computer with an ActiveX control that gives tons of info about someone else so why can't they selectively do that for investigative purposes?

As long as EBAY gets their fee, they pretty much don't care about anything else.

E-bay's is a hopeless business model - anyone that uses it is asking to be defrauded.

Ebay and the people who run it are hacks and con artists. And who's Paypal owned by ?? LOL @ EBAY. Suck it up, you couldn't continually rip people off without someone finally getting mad. Funny to see that they're stressed and are having difficulties, I'll sit back and enjoy this.

I thought about this 10 years ago and concluded that neither Ebay security nor law enforcement really cares much about this type of activity. I never buy at EBay, or any other auction, and limit my on line shopping to reputable sites. I have a card I use only for online shopping and monitor it closely.

Let the buyer beware, because EBay don't care!

My Ebay account was hijakced just before Christmas. what a pain it is to get reinstated.

so you are telling us to stop using ebay????

On one day alone, I received six requests that required me to give my ebay account info. I forwarded them to ebay. I get these all the time and ebay can not stop it. Last summer several people from England (with Asian sounding account names) were posting phony feedback using my account ID. They were selling electronics, computers, etc. Ebay responded in a manner that made it look like I was reneging on bids. I have drastically reduced my buying on ebay as a result of the above.

I just recently (as in less then 5 days ago) one of my auctions hit by a scammer. This person sent "fake" winning notifications to the second & third highest bidders on my auctions. Luckily, the users contacted me instead of the scammer.

eBay and PayPals responses were very generic, and they did not seem to be interested in helping either me or the person who was being scammed.

It's a shame. PayPal and eBay claim to care about fraud, but when I notified them, they didn't want to touch it with a 10 ft. pole.

I am so glad you ran this piece! Last month my eBay account was hijacked and of course eBay blamed me saying *I* had given out my password. The hackers listed DVD's for sale under my account. What I thought was so strange was that eBay knew about the fake auctions right away. So... if someone stole my password (from me) and posed as me selling DVD's - why would eBay know they were fake auctions? The only explanation is that eBay can somehow see this coming from "the inside". To add insult to injury, eBay then made sure to send me nasty emails telling me I had listed copyrighted work and that my account would be suspended if I did it again - even though they knew it wasn't me.

I am so glad you ran this piece! Last month my eBay account was hijacked and of course eBay blamed me saying *I* had given out my password. The hackers listed DVD's for sale under my account. What I thought was so strange was that eBay knew about the fake auctions right away. So... if someone stole my password (from me) and posed as me selling DVD's - why would eBay know they were fake auctions? The only explanation is that eBay can somehow see this coming from "the inside". To add insult to injury, eBay then made sure to send me nasty emails telling me I had listed copyrighted work and that my account would be suspended if I did it again - even though they knew it wasn't me.

Recently 20 auctions for high priced items were listed on my eBay account, eBay had ended them and notified me before I was even aware it had happened, I use eBay everyday! When I contacted eBay about what had occurred I was told it was probably a computer virus recording my keystrikes because I responded to a pfishing email, WHICH I HAD NOT! eBay was probably aware at that time this was an issue but did not tell me. This problem is obviously much more serious then eBay is admitting.

I believe this to be very true.

I discovered an issue with eBay approximately 2 years ago that would allow me to collect users IDs and passwords. It took many hours to develop and test a "proof of concept". Once it was created, I contacted eBay where they insisted I turn over my knowledge for the "benefit of the community" and they were unwilling to give any reasonable compensation, not that our discussions ever made it very far.

I must admit I experience a little fear during the process. Instead of discussing this with me, they decided to threaten me initially. However, there was no justification for doing so, as my comments were benign and friendly.

To this day the "hole" still exists. But I'm an honest guy, and have no intentions of using this knowledge to harm others, nor do I intend to release it to others.

It's just too bad that eBay was unwilling to take the matter seriously and avoid the security issues that currently exist. I found my experience with them very disappointing and have since stop participating in using them as a service.

They have lost my trust.

Just a note, I let my son use my credit card on ebay and a week later I was contacted by my credit card company because of charges that were being put on my account in Italy and California. It's a good thing that it was caught quickly or it could have caused some real damage.

And I thought PayPal's integrity was a farce...

How can you tell if these are fakes, Im afraid to even use eBay anymore!

Of course eBay will not disclose or admit the depth of access hackers have had to eBay's internal systems. However, I can personally say that eBay is on top of it, and they mitigate damages before a compromised eBay user is even aware their account has been hijacked. I have no clue how eBay new my account was hijacked, but they had already taken care of the problem within hours of it happening, and notified me by email what had happened, and that it was fixed. At the time of the email, I was unaware that someone had accessed my eBay account. Now that's service! I trust eBay, and the eBay community is a wonderful marketplace, with lot's of wonderful people. Don't think eBay will drop the ball, because I think they have a secret arsenal of anti-hacker tools that no one will ever know about to protect us. Always remember to look at your browser address bar before logging into any website to verify that it is indeed the valid website, and not a spoof or phishing site with an address like https://www.65.125.xx.x/xxx. you will be giving someone else your login information!

I was a victim of a hijacking. A Hijacker broke into my e-bay account and tried to sell items. E-bay finally locked out my account to stop the hijacker. One additional interesting situation occurred. The hijacker incurred a fee on my account. I contacted E-bay to correct the issue (they were acknowleding that they knew the fee was incurred by the hijacker). However, it was very painful to correct, and after 4 phone calls, I finally gave up and had them close out my E-bay account for good. I would suggest that E-bay has more problems then just hijackers.

Unfortunately these type of things happened all the time. Why you may ask? Certain products out on the market only allow you to identify all your “potential” network exposures or holes. With penetration testing or ethical hacking you safely try to exploit those vulnerabilities just like a hacker might. The idea is - if you can find a way – then so can a bad guy. There are huge risks out there, and you want to make sure you are doing all that you can to prevent these types of breaches.

I think ebay needs to hire the best security experts. Hire about 30 CCIE's in security, and other database experts. Ebay bucking the dollar to increase profit has bit them.

Billion dollar corporations must go above and beyond normal security, and in this case they didn't go far enough to prevent this embarasment.

I am a FORMER Ebay user and have been plagued by repeated emails from someone I have never heard of. The senders name is Bluebell something and they keep asking me to confirm I have an item they want to purchase. I NEVER open these as I have not been a client of Ebay for well over a year. So everyone out there beware I don't know what kind of scam this person is running but the won't run it on me.
Stephanie

I discontinued using ebay about two years ago because of security issues and ebay has yet to get its act together. Granted, the nature of what they do is very difficult to control effectively. However, with that understanding they need to have been far more proactive in developing and deploying solutions that address the inherent vulnerabilities of the auction system they pioneered.

On such a system passwords must be systemically changed at least monthly if not more frequently and they must be controlled to enforce complexity by requiring at least eight characters comprised of upper and lower case with numbers. That is just for starters. I'd wager that over time ebay hasn't implemented even that basic a policy for internal or external use. They might even be storing passwords in an unencrypted form. That is really dumb. Ebay has made a conscious decision not to implement tight security for ease of use reasons. People don't like the hassle. The trade off is accounts and credit cards become compromised. I've no doubt ebay is an origination point of consequence for some of the credit card fraud that occurs in this country. Ebay security has been broken for a long time. I closed my account completely over two years ago and still get occasional phishing emails. I don't want to be in their computer system but I know from their responses that they have retained my private information in their systems.

There are many frauds on eBay. They do not have the resources to stop this from happening. If they do kick off a scammer they can be back on in less than a half hour. The scammer just uses a different email address. It isn't hard. Many ebayers have more than one id anyway. They have their sellers id, and id they buy with or use for a second store with different items, and one they use to post of the boards. I personally have 3. They do this to keep one bad apple from ruining their whole eBay business with negs. It unfortunatly has happened. A competitor gets mad because anoter seller has more sales so they buy something from the other seller and leave a negative feedback just to mess up their sales. Sometimes someone will post on the boards an opinion that one of these bad apples objects to and soon they are messing with that persons auctions. Now eBay has decided that all new seller must sign up with paypal. Will this help stop all the scammers? Maybe it will slow it down for a bit. Will it stop it no. One feature which was a help to sellers was where you could check and see what any bidder was bidding on or had bid on for the past 30 days. You could look at it and see if a buyer was buying dozens of like items. It did the sellers cancel bids and block the bidders who were on a buying rampage with no intention of paying. That feature is gone now. The powers that be in eBay have decided if they so not show the buyers ids that will stop scammers. The biggest problem with selling on eBay which includes paypal is they do not back up their sellers. To many sellers get cheated out of their money and their listing fees. It is getting to the point where a seller is going to have to hand deliver each item personally to the buyer, take a picture of a smiling buyer accepting a package, and a picture of the buyer showing a thumbs up that they were satisfied with the item in order to keep buyers from filing complaints and getting their money back.

eBay is either utterly deficient and truly has no idea that Vladuz is hacking their system, or they are lying. I had my account hijacked last week and hundreds of fraudulent DVDs were posted using my account. I have NEVER fallen for phising, my systems are all securely firewalled and the only way my account could have been compromised was from inside eBay.

eBay lies. They are a big business and any system incursion will cost them customers and ultimately money. Any security breach will not show the true damage for a year or more. Companies need to grow up and just be honest. Honesty is looked at as a sign of weakness in Business and Politics.

The Polaris 6x6 Ranger auctions are full of frauds. Contacts to individuals, when the auctions are over, is something for members to watch out for. If they say you can't pick it up at the store, because they don't have a store front, beware. If you can buy it local, I would suggest you do so. You can't stop a thief, that is all they have to do.

eBay regularly misleads the public concerning the amount fraud that takes place on their site. The only way to truly avoid this is DO NOT DO BUSINESS ON EBAY. I would feel differently about this if eBay were an honest company, but they aren't, so it's time to quit using them.

It is no surprise to me. Ebay lies all the time and does nothing about it.

It really doesn't surprise me that scammers are walking around ebay with immunity. I was a seller on ebay and was suspended because they said I was a fraud seller.Yet I had a great feedback and sold well over a 100 items.
Meanwhile I would receive around 15 to 20 emails from scammers daily. Oddly I received none until I began to sell. Makes me wonder where they have gotten my seller name from. But it went so far as to not only receive them in my regular email, but to also receive them in my ebay mail on thier site. So yes some ones accounts were hijacked.
Funny thing is when I spotted these fraudsters and reported them ebay did nothing. I watched the phony items they were selling get sold and watched later as the buyer complained.
Ebay is so full of lies when they make thier claims as to how low fruad is. I can't blame them because they would lose business if they told the truth. Scams abound on ebay and thier fraud department is the biggest joke to ever hit security. I really think a 6 year old could protect its members better. For example a very simple idea that was suggested once was to id verify all members. Personally that would be great and a little harder to scam. Ebays response was to state that we would lose money by doing that.
So the real deal is this as long as ebays bottom line stays high they won't change a thing. They will make bogus ideas to make you think they are though.
if you don't believe me then ask me for the 800 pages of evidence I have.

Maybe this is why EBAY is so screwed up lately. In the past few days when I attempt to click on items for sale, I get error messages saying "invalid item". I have also been unable to pay sellers through EBAY provided links

This level of hacking is nothing new and quite common.

Recently thought I purchased a DVD set. Barely got the 'buy it now' acknowledged and Ebay said they had cancelled my bid because it was a fraudulent sale. Unfortunately i had within the hour with Paypal. Ebay and Paypal were absolutley not interested in my problem. They kept $25 of the price (for no help at all. Ebay used to be fun and honorable but now I'm not interested.

My solution: Don't buy or sell on eBay. All I ever get is a spoof warning, and then a computer script in answer to my concern.

Unfortunately these type of things happened all the time. Why you may ask? Certain products out on the market only allow you to identify all your “potential” network exposures or holes. With penetration testing or ethical hacking you safely try to exploit those vulnerabilities just like a hacker might. The idea is - if you can find a way – then so can a bad guy. There are huge risks out there, and you want to make sure you are doing all that you can to prevent these types of breaches.

As a recent victim of one of Vladuz's hacks, we certainly HOPE that Ebay finds a means to control it soon. Our business, means of some of our income and therefore our ability to be financially responsible for ourselves and family is at the mercy of Vladuz and Ebay until this idiocy is stopped.

I've had my account hijacked on ebay before. When I reported it ebay didn't seem to care that much. Although they did close the auction. Another time they seemed to have the attitude that I should have been more careful and came across as Seller Beware! I'm really not impressed with ebay security. I think they're more worried about their image to keep people coming back.

i had my ebay and paypal logins and passwords stolen at the beginning of February. The thief purchases $900 dollars worth of electronics. Thankfully, I caught it within 8 hours but am still working on getting back all my money. PayPal has been fairly good in working with me but its just taken a while

I have just been through this mess. I am closing my e-bay account at least for the moment. Someone hacked into both my email and ebay account. Within a 12 hour period I was charged over $17,000 to my ebay account. I wasted 2 days trying to remedy the problem, and am still fearful that I will be compromised again. Although ebay has a live chat, one waits forever to talk with customer service. I found this to be extremely frustrating. Ebay needs to add more people to help people like me on line. Better yet, a live person over the phone, where one wouldn't have to wait a half hour in order to make a complaint. I think E-bay can be a very dangerous site for identity theft.

"Can anyone believe that counterfeiters using phished accounts could list this many items, using all new accounts each time, three or four times a day? Day after day?" she said. "There are thousands of them ... EBay is completely at the mercy of the scammers.”

yes all they need to is turbo lister and a datadbase file full of goods. then all they have to do is switch usernames and passwords in the software very simple to do

This happened to me last year. I was not phished, as they say, though. I'm no spring chicken and I have been well aware of phishing scams for quite sometime and therefore I just don't give out that info. Well one day I logged into my ebay account to find that some 70 pairs of Dolce and Gabanna sunglasses were being sold under my user name. I had never previously (or since) sold anything on ebay. I contacted ebay and got the auctions removed. A few months later I got hit with the sellers fees, and was sent to a collection agency. I had to threaten legal action to get the charges removed. The thing that distubs me, esspecially after reading this article, is that I WASNT phished. Someone got my password from somewhere else. I've since closed my account with ebay and will never use them again.

This happened to me last year. I was not phished, as they say, though. I'm no spring chicken and I have been well aware of phishing scams for quite sometime and therefore I just don't give out that info. Well one day I logged into my ebay account to find that some 70 pairs of Dolce and Gabanna sunglasses were being sold under my user name. I had never previously (or since) sold anything on ebay. I contacted ebay and got the auctions removed. A few months later I got hit with the sellers fees, and was sent to a collection agency. I had to threaten legal action to get the charges removed. The thing that distubs me, esspecially after reading this article, is that I WASNT phished. Someone got my password from somewhere else. I've since closed my account with ebay and will never use them again.

Having been ripped off by a buyer on ebay and then getting no assistance from ebay I am not surprised at any of this. Ebay acknowledged that an account had been taken over and we lost our money and our ebay item. But when we tried to deal with it - we were advised that although the account had been taken over, we were dealing with an offsite auction and ebay was not accountable at all. I was out the item and all my shipping charges. I don't trust ebay at all anymore.

l purchased a jardeniere through ebay. i paid for the item, shipping and insurance costs. the item was broken when it arrived via ups. i tried to contact the seller with no success. i then contacted ebay and their response was that they couldn't locate him either. too bad, sucker.

EBay lying about a major security breach... Imagine that... For any legitimate small seller who has tried to use EBay recently, none of this is exactly a shock. What used to be a friendly auction site where someone with limited means and a few items could sell them easily has become a monster corporation only interested in large commercial accounts and the money they bring in. You reap what you sew, and EBay's current troubles are laregely of their own making. The only unfortunate thing is some innocent bystanders are likely to be hurt.

Ebay has serioius integrity problems anyway beyond
the scope of this hacker. The entire process of
buyer / seller ratings is dysfunctional - serving
only as a mutually assured matching feedback
mechanism not accurately reflecting flake buyers
and sellers. I do believe there needs to be an
Ebay users (buyers/sellers) union outside the
sponsorship of Ebay, so that meaningful discussion
and improvements can be pursued.

What took them so long.I put something up for sale.In an hour I had someone who wanted me to stop the sale so they could buy it.Then they wanted to money wired.So i think ebay is slow to react and is not as safe as it was.

eBay seems to do everything in their power to protect sellers, but not much at all to protect buyers. We've been scammed quite a few times of late, and neither eBay or it's other company, PayPal, seem to want or be able to do anything about it. I think it would be great to see another company give them some competition. Right now it seems like they feel they can treat their customers any way they want, because they are the "only game in town."

Great article, Bob!

I think the government should pass a law saying every on-line transaction must be preceded with this warming, "Keep your arms, legs, fins and flippers on the keyboard...this could get bumpy."

well that the future the internet needs to change all togeter.

Very interesting. I have noticed recently that several computers ostensibly owned by eBay have been trying to access ports on my computer. As far as I know, my firewall has stopped them.

Yes, what is being described can be accomplished using phished accounts. Its extremely naive to think it isnt and calls Baldwin's credibility into question. Millions of phish attempt emails go out and a huge number of unfortunately ignorant people respond to them. They never know they've been compromised until it is too late. These accounts then sit in a database to be used by criminally minded individuals.

The fact that the accounts appear ordered, to me, indicates that these criminals are getting lazy, or arent as good as people think they are. Ordered usage is too obvious, is a potential clue to follow, and isnt necessary. If they were more sophisticated they would make sure their usage was heavily randomized.

Is it possible this "hacker" has deep access into eBay? Sure. Is it likely? No. Most "hackers" have about 1/10th the skill and knowledge and access they boast about and about 1/20 what people (esp the press and the "expert" pundits) ascribe to them.

I am a regular ebayer and I have noticed that the ebay sites are fake. I always check for the verification sign or symbol on the corner of the page to see if it is secured and real. Am I right about this? Is it alright to relie on the security symbol?

Ebay and PayPal are terrible about letting users know if what they are receiving in email is real or fraud. When you report suspicious email they very seldom get back to you to answer your questions regarding the fraud email or to tell you what you should do. Most fraud email comes to Ebay and PayPal users with the exact address that these two companies use. Ebay has many, many sellers that have extremely high Negative feedbacks but they do nothing about them since they are also the large cash cows for Ebay. They invite bad users for the sake of higher income for Ebay.

Ebay is itself the biggest con around. As long as they get their percentage, they have little incentive to fight fraud unless there is a massive user exodus from Ebay. The AG's of the various states should be investigating them, they are the root, and they can stop ALL the hacking and scam auctions going on.

What can we do to protect ourselves on ebay?

I've been a buyer and seller on Ebay now for about 6 years, and have never really had any problems or bad experiences to speak of until last month. That's when my account was hijacked. I checked my email on a Sunday morning to find that about 20 items had been listed in quick succession on my account in the middle of the night. To Ebay's credit, within an hour after the items were listed, they had already realized it. They promptly froze my account, and credited all listing fees back to me. From start to finish, it took Ebay about 4 hours to identify the activity, implement their security measures, and give me credit for all related fees. My only inconvenience was an hour or so of my time to follow basic security procedures and change passwords and other settings that had been changed by the hijacker on my account, which really wasn't much of a problem at all. I was pretty impressed by the speed and manner in which the situation was handled by Ebay. After reading this article, it appears this is a growing problem, and I will be watching my account very closely. As I said, I love Ebay and have had good experiences so far. But if this problem continues to worsen, I won't hesitate to close my account and explore other options.

My account was hijacked; it was the 1st time I'd experienced that. Someone listed about 53 different pairs of Oakley sunglasses under my account (without my permission or my giving them my login info; I have no idea who did it), incurring about $100.00 (USD) in listing fees. It occurred around 5:42 p.m. (EST) on Saturday, Feb. 3, 2007.

While concerning, I didn't panic. Contributing to my calm demeanor was the fact that even though my account's hijacking wasn't during "normal" USA "business days or hours" when "all hands" might have been "on deck,"... eBay Security and Support staff detected the hijacking very quickly (IMO) and within an hour had emailed me notification of the incident and had removed all bogus listings and credited my account all associated listing fees for those fake listings. My 100% positive feedback rating was not affected.

I went through the thorough, step-by-step instructions eBay provided to re-secure my account and to educate myself on more ways to do so. I took immediate action and kept working until the task was completed. While it took about 30 minutes to go through their tutorials, how-to guides and complete my account verification and to verify and/or update other information related to my account (e.g., my password, security questions, etc.), it was ultimately a good thing (or at least that's what I "made" of it)... it spurred me to change my password and security on another account I had (and I added more variety and complexity to my login and identity authentication/verification info for that account).

On Feb 27 I had 22 listed on my account. I deleted them through e-bay process. Then on Feb 28 I had 4090 items selling on e-bay. I got home from work and checked my noticed I had over 300 e-mails. I opened my inbox and it was e-mail from e-bay confirming my listings. There was one popping up every couple of seconds. I could not delete them fast enough. I got on e-bay to there live chat help. The first person I chatted with couldn't help me, so he typed in a link to the trust and privacy department. When it was all done and taken care of I had 4090 items selling on and e-bay also 4090 e-mails what a pain. They also closed my account for over 24 hours.

Simple...Stay away from Ebay. They will NOT protect you...the customer. They will talk about how small the percentage of fraud is...all the while, its getting worse and worse...and they dont care. Dont trust them. Stay away from Ebay and you wont have to worry about it.

E-bay needs to get a clue. My account was "Hijacked" a few months ago. When I alerted e-bay, I was met with confusion and misunderstanding. Personally, I will never use an online auction site again. If I need something, I will just pay a little more, and get it new from the source.

Last week, I was e-mailed an offer for a second chance for an auction I bid on, on Ebay. Only to ask me to wire the payment for the item I wanted to England. They even sent an e-mail with Ebay's and Pay-Pal's logo on it with directions on how to send the payment. Yet, I didn't receive anything in my account on E-Bay. E-mailed the seller and found out he had already sent the item out. I forwarded the e-mails to E-bay and Paypal. But, If I hadn't been a little skeptical about the e-mails, I could have sent $100 for a play station 2 lot and never gotten anything. But, how did this person get my e-mail address? I received 2 different ones, for the same item with 2 different e-mail addresses. Scarey, Huh?

I have been getting spam from E-Bay for many months now. They keep telling me my account has problems, been hacked, or terminated. I don't have an account, never did. What kind of security does E-Bay have?

In order to make an eBay ID they should make people confirm their names and identity through some sort of method so that every ID on eBay can be identitfied and traced back to the right person.

I have been selling on eBay for 3 1/2 years. Each time I had a problem (like not being sent emails from eBay and/or Paypal, or an obvious crook trying to interfere on my auctions), eBay has systematically denied any problem. This seems to be their "policy" and I personally believe that any company using its monopoly status to plainly lie to its own customers should face huge fines.
In the case of fake buyers for example (they most of the time use the “buy now” option, provide an obviously fake address and, of course, never pay) it takes 3 weeks to eBay to acknowledge the fraud and accept to refund the seller’s fees. The reason is very clear: eBay BENEFITS from the fraud as they keep the fees for weeks. Multiply this by the number of fraudulent cases and you get an idea why eBay does not even try to go against fraud when they benefit from it.
The fraud has dramatically increased during the past year. As eBay refuses to give any number (which, by the way, should be illegal) I can only report what I see as a seller.
I do believe one of the reasons eBay is attacked comes from their own distasteful policies and attitude. Many sellers on eBay probably agree and think that they certainly deserve to be punished as they operate in a monopolistic situation in a country where most laws against big criminal corporations have been abolished.

I get two or three messages a day that appear to be from ebay. Only thing is I have never bought or sold anything on the site. Many years ago I may have logged on it as a curiousity. Now I get messages from apparent unhappy customers who say they were ripped off by me, and messages that my identity appears to be accessed from a foreign source. Recently I get messages that I am a memeber of some club on ebay for doing so good. I filter them as spam now because reporting them as fraud and possibly philsing did no apparent good.

As an ebay seller who has reached "Powerseller" status, I can definitely relate to the above story. We were the victims of a hacker recently who took it upon himself/herself to list several high priced items which we obviously did not have. ebay was good about putting an immediate stop to it, however with so many hackers out there I truly believe it is impossible to police this activity 24/7. We are very good at detecting fake emails from ebay or paypal, which we receive on a regular basis. I am convinced it had to be done internally.

No matter what security you bring to a network open to public access, there will always be a way to circumvent that security. The ONLY way this can be checked is by vigorous policing by live 'white hats' and DAILY changes to ebay staff login and user IDs, where security databases are separated by multiple physical partitions from the that network. EBAY will continue to fail in its security , and to a more serious degree, until they increase (geometricly) the number of beating hearts physically minding the site. Perhaps they should be offering baldwin a job. Haha.

I am not an eBay customer yet, but thanks to your article, I'll be a little more careful of who I buy from.

My sister was hit in late January, early February by hackers on her Ebay account. They charged up over $1500 and then her bank hit her for an additional $200 in overdraft charges. Fortunately she was able to get the overdrafts reversed & the money refunded but it will be months before we can see how her credit has been affected. Be vigilant on watching your accounts & try not to use the same passwords/logins is what we learned by this fiasco.

There are alot of people taking advantage of Ebay. Many sellers use Ebay to scam buyers in goods and overcharge for shipping.

There are alot of people taking advantage of Ebay. Many sellers use Ebay to scam buyers in goods and overcharge for shipping.

I certainly have notice a sharp increase in E-bay phishing emails recently. It is certainly a concern. I only buy.

Fellow eBayers, beware of the most current phishing scheme...while attempting to login the normal way, you may be greeted by a scam page pretending to be a way to prevent fraud. It will ask you for all kinds of information you should not divulge.

Keep going back to the original login page and eventually you will get through to your account without having to enter this information. It looks so much like a regular eBay page, don't be fooled!

My account was was broken into last year.I still can't find out from E-Bay how it happened.I had just recieved a gold star for buying/selling(no,I didn't put it on my forehead).I can't seem to get E-Bay to transfer my credits to the new account I had to open.Communications between myself and E-Bay is very frustrating.They don't understand my problem or English.

I believe that guy or group of people have taken over accounts. My wife bid on a school book along with 3 others only to find out too late that the person with the book did not even exist. To make it worse ebay and paypal say that unless they can prove it was fraud all of us are just going to be out the money. We no longer deal with ebay in any way fashion or form it has gotten out of hand.

Ebay is literally overwhelmed with fraudulent activity and seems to try harder to hide it than to fight it. This appears to be the easier and more lucrative strategy for them. One simple example is that for items with a Best Offer option, anyone can see the list of offer makers. I have been hit with this scam as a scammer then proceeds to contact the offer makers (claiming to be me) and makes them very low counteroffers (with no intention of ever shipping anything). I have been contacted by numerous people who have been taken by this scam. When I contacted Ebay, they had me on hold for about an hour then blocked ME from contacting my offer makers and warning them. I was told to "ignore these fraudulent offers".

my ebay account was taken over last year by a hacker who mailed threatening envoices to thousands of ebay customers,i called e bay repeatedly,i gave them hundreds of emails, i wasted hundreds of hours and what did ebay do???? they sent me an email suspending my account because "I" was engaged in fraudulant activity, after repeated call's to ebay explaining that i was the victim &asking them to look at their phone logs regarding how many times i called, i just opened a new account... ebay sucks and they down play the massive problems with their site. go to any ebay high dollar auction (classic cars, motorcycles) and you will see hundreds of scam listings at too good to be true "buy it now prices" ebay refuses to do anything about these and their customers lose millions of $$$ . ebay SUCKS.

It is interesting that after making purchases for the first time on ebay before Christmas I was the victim of identity theft and fraudulent charges were attempted on my credit card attempting to wire money to (of all places...ROMANIA!). I cancelled my credit card and will no longer make purchases on ebay!

I agrre that there has been a rise, but ebay and paypal make the buyer prove the fake dvds and sometimes fake clothing if they live where there is no way to prove it the buyer loses. and if it is proven the buyer still loses shipping. No story IT HAPPENED TO ME and my sister once each. I looked and the seller was still there two weeks later same thing listed and same user name. As a result I have reduced how much I am on ebay and I talk to the sellers and keep all emails.

Once the other way around A buyer lied and ebay charged back a sell without notifying the seller and the seller had to go to an off site company to get the money back as ebay did nothing. the buyer in this case had many items they never recieved and got their money back. Who is watching Ebay???? Good oppertunities, but a high risk... bad as stock market.

I too have noticed a sharp increase in hijacked accounts offering mostly high-end electronics in ebay auctions. However they are relatively easy to spot. They almost all have an email address in the listing, have absurdly low prices and are usually only 1 day auctions. Perhaps ebay will have to use the same techniques as newsgroups in monitoring the listings by having someone actually verify it's validity before it is posted.

I've been a member of eBay for three years and when I first joined I noticed that the site I frequented most, eBay motors, was polluted with obviously fradulent listings. They seem to ebb and flow but lately it has become ridiculous with the hackers posting nude pictures in the listings gallery feature. My account has been hijacked twice and fortunately I didn't lose anything. I have communicated my concerns to ebay but they seem to take the position of an ostrich, as if by ignoring it it would go away. I am careful (as everyone must be online) but the hackers are insidious in their methods used in phishing to steal users information. I think if eBay cannot bring this under control soon they are poised to take a big financial hit as confidence in thier site will be irreparably damaged.

Ebay is literally overwhelmed with fraudulent activity and seems to try harder to hide it than to fight it. This appears to be the easier and more lucrative strategy for them. One simple example is that for items with a Best Offer option, anyone can see the list of offer makers. I have been hit with this scam as a scammer then proceeds to contact the offer makers (claiming to be me) and makes them very low counteroffers (with no intention of ever shipping anything). I have been contacted by numerous people who have been taken by this scam. When I contacted Ebay, they had me on hold for about an hour then blocked ME from contacting my offer makers and warning them. I was told to "ignore these fraudulent offers".

I get frequent fake "spoof" emails supposedly from ebay, that tell me my account is going to be closed, or that I am now a power seller. Since I do mostly buying, and know my account is in perfect standing I just forward these to ebay as spoofs. If you use common sense you can easily identify them.

Would you expect e-bay to admit they have a problem?? Com-on!

My account was hacked in January, however not to sell items- I woke up to hundreds of e-mails that I had supposedly bid on and/or won. Dealing with eBay's customer service to rectify the situation was a joke- they told me they couldn't cancel the "bids" internally, I had to contact all the sellers myself, nor would they delete my account until everything was squared away. After spending three weeks contacting sellers I had supposedly "bid" on items from (mostly from Europe, incidentally) and still getting nowhere (many of them apparently didn't speak English), I gave up and put any e-mails coming from eBay onto my blocked list. I then changed my eBay log-in to a random bunch of keys I hit on my keyboard without looking, logged out, and thus ends my association with eBay. I will never use their service again.

Vincent

I guy with a forgein name hijacked my ebay account about 8 months ago. In the two days that this guy had 'sold' items, i incurred a couple hundred dollars of fees from ebay who to this day has yet to talk to me through the phone or re-imburse me the money.

All I get from ebay is generic emails of security proceedures (like it was my fault), changing my password and urgent to pay my bill notices. I finally closed my checking account. Ebay - no way!

As a seller, this is scary stuff.

Bob, aren't eBay and Paypal linked very tightly at the hip?

If one has been hacked into, how far away is the other from being compromised via the internal hooks from eBay?

Hardly a day goes by but I get a phony Ebay message. I forward all of them to spoof@Ebay.com, with the full (not abbreviated) return address of the contact. Ebay takes over from there, always thanking me for sending along the phishing info.

I don't know if it is related, but I have always had good luck with E-Bay until recently. I was watching an item, but never had I actually bid on the item. Next thing I know, I'm told I'm the winning bidder? I contacted the seller that I had not bid on the item. He agreed with me that I had not bid and that there was a problem on e-bay end! MAKES ME VERY HESITANT TO EVER BID ON AN ITEM AGAIN FROM E-BAY!

A bidder won in one of my auction and I received a notice from PAYPAL (owned by EBay) that he had paid. The trouble is, when I went to that account....no monies. I gave notice to the winner who stalled for over a month and next was informed by PAYPAL that they were returning his money from my PAYPAL account. When I ask them to look and they would be able to see that I wasn't paid NOTHING HAPPENED. So scamming goes on in many levels on EBay.

My ebay account was used to sell non-existing items, 4 times, 1st time was more then 1 year ago. The reality is, my account (as far aas i know was not corrupted or info gathered with the exception of using my 100% feedback rating to attract buyers to his scam. I am at a lost to understand why Ebay and the billions they make especially since raising there prices to sell can't afford to hire someone who is at least as clever as Vladuz. I lost no money and no info was tampered with. In a way i am glad this Vladuz is a pain in Ebays wealthy butt, Ebay is getting greedy, there are many unhappy Ebayers that i know and this unhappiness has nothing to do with Vladuz but rather Ebays increasing fee's and what seems to there attempt to have we ebayers have the responsibility of running there business.. You'd have to be an ebayer to understand.

I have never used e-bay w/o being scammed. E-bay doesn't need an outside hacker to mess the site up. Their unscruptulous sellers do a good enough job of it. Buyer beware. Hackers or not I would recommend anyone to stay away from this site at all cost. It's a phishers dream. E-bay has no face to it's customer service and if you are done injustice on the site chances are you're just screwed. I think they're getting exactly what they deserve! My 2 cents.

Ms. Baldwin is RIGHT ON THE MONEY...Predictably, eBay is 'circling the wagons' and dispatching the MD's of SPIN, DAMGAGE CONTROL & DENIABILITY...Please note for future reference the web address is changing from www.eBay.com to www.vBay.com...BUYERS & SELLERS BEWARE!

Ebay are the biggest frauds here. I purchased a guitar on ebay for a 'second chance offer' throuhg my email..and yes it WAS through ebay. The seller did not deliver. turns out he scammed nmany people with over 20-yes 20 different accounts and ebay knew who it was all the time. Police detective in the case told me that ebay did NOT want to tell him this info. Who are the real crooks and frauds here?

My company used to sell on eBay almost every day but dealing with all the scams and phishing took way too much time. And eBay does NOTHING to help sellers or buyers in these regards. All they do is shirk responsibility and tell you to deal with local authorities. It's amazing the billions of dollars they've made off fraudulent activities. They have no reason to protect us.

I regularly sell items on eBay and receive at least one phishing email ever week or two attempting to obtain my eBay account password. I always report the email to eBay and, by tracking the originating IP address of the email, the ISP of origin. The vast majority of these emails originate from ISPs in China and Eastern Europe. However, last week I received a phishing email that originated from an eBay corporate server, which would appear to contradict the statements of the eBay spokesman quoted in the article.

I had just been hit with a significant fraudulent charge through PayPal, on top of having several problems arise with Ebay fraud. I am now done with both, since they don't seem to care about individuals being scammed, only their reputation, which I now hope, is scarred hereforth.

As a huge FEEbay seller, this is another example of FEEbay denying what is happening. FEEBay does NOT care about people, only profits. Their service is LAUGHABLE at best, and my company that I own has sold approximately 25,000 items on FEEbay. The FEEbay propaganda machine is huge with attorneys behind their every step and a face smiling denying everything to keep profits raking in. Pitiful and a shame how low FEEbay goes to cover the truth. Fraud is on the rise and we have seen a LOT of accounts hijacked lately on FEEbay, a sharp increase over the usual hijacking attributed to phishing schemes.

Having telephone service would not improve ebay, because ebay would just hire call centers in China and Romania... so you'd being trying tor esolve fraud with people who probably work for ExComMob (Ex-Communist mafia)

I am a seller with afew stars here and there and no negative feedback, I recently opened my doors to the overseas market as it appears I can get bids almost 24 hours a day now, however I have three auctions that finished and the buyers are nowhere to be found. It says they are from France and bulgaria, is there anyway they can get my info or are they just flakes?

Never a word from e-bay this was going on. Not burned yet so it may be time to leave

VLADUZ is an amatuer, and all of you who claim to have had your eBay or Paypal accounts "hacked" probably gave up your information quite willingly and easily.

I teach a college-level introduction to IT security course, and in the 1st week I teach my students 3 things: (1) how to crack passwords, (2) how to spoof web sites, and (3) how to use "social engineering". That is all VLADUZ has done here. And lest you think I'm somehow "contributing" to the problem, I'd advise you to read the following:

http://en.wikipedia.org/wiki/Social_engineering_%28security%29

http://search.barnesandnoble.com/booksearch/isbnInquiry.asp?z=y&EAN=9780072260816&itm=29#pDetails

This is my take on EBAY. A year ago, I won an auction for the XBOX 360 with almost all the accessories with it. I paid for the item and never recieved a thing. I paid a total of $850 and to this day nothing has been resolved. Ebay didn't do jack. They offered a 200 dollar compensation minus a $25 charge for the service they would provide me with. Are you kidding me? Ebay is a scam and I advise anyone who uses ebay to boycot it at once. Thats the only way anything will get resolved.

I constantly get phishing messages asking to enter my personal Ebay info. I also get messages asking me to OK another ID on my PayPal acct.

I'm glad I read this article. I have been thinking of starting an ebay store to sell my handmade jewelry, but not now!

I sure agree i have been an ebay seller for a year ad a former paypal customer for 6 months. you see ebay owns paypal but does nothing to control it. I inadvertantly listed some " mystery envelope auctions" that became very popular i was selling dozens of them a day for about 4 dollars. the buyer received the contents of the envelope for free the envelope itself is what was being purcased. I guess paypal determined this to be a lottery of sorts and asked me to cancel the auctions with the threat of losing my account. I did so immediatly. About four days later two people (slow payers) paid through paypal for envelope auctions they had won before the cancelation of the auctions. Paypal closed my account Ebay would do nothing either even thouh i sent them copies of the emails, the date i ended the auction, the date these people won their auctions (before the warning) and the date they paid for them ( after the warning) all i got was dozens of form letters and a permanent non appealable closure of my account. So I wrote this small rant to let people know that ebay and paypal are good at blocking honest sellers who (possibly) made a minor mistake and who are willing to communicate and it seems that they do a wonderful job protecting the identities of the real fraudsters. Don't forget their fees are collected if the transaction occurs and i guarantee you that most of these cases go unreported. so the incentive to do much about this is not