(Alternative title: “Uhhh….. crap?”)
Short version: Someone may have hacked into my eBay account.
First I received this e-mail:
From ended@ebay.com Wed Feb 26 17:47:18 2003
Date: Wed, 26 Feb 2003 17:03:27 PST
From: ended@ebay.com
To: ascheffl@hamusutaa.com
Subject: TKO NOTICE: eBay Auction(s) CancelledDear Andy Scheffler (ascheffl@hamusutaa.com),
We have ended the following auction(s) on your account as they appear to have been listed by a third party without your authorization:
3403761226 Apple PowerBook G4 1GHz – 17″ LCD SuperDriveThank you for your patience in this matter.
Regards, Customer Support (Trust and Safety Department)
eBay Inc
Shortly followed by this one:
From suspension@ebay.com Wed Feb 26 17:47:21 2003
Date: Wed, 26 Feb 2003 17:04:05 PST
From: suspension@ebay.com
To: ascheffl@hamusutaa.com
Subject: TKO NOTICE: eBay Registration Suspension – Misrepresentation of
Identity – ascheffl@hamusutaa.comDear hamusutaa (ascheffl@hamusutaa.com),
Due to recent activity, including possible unauthorized listings placed on your account, we have suspended activity on your account in order to allow us to investigate this matter further. If you believe that this action may have been taken in error, or, if you feel that your account may have been tampered with, please respond to this message so that we can provide additional information and work with you to resolve this issue.
After responding to the message, we ask that you allow at least 72 hours for the case to be investigated. Emailing us before that time will result in delays. We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.
If you received this notice and you are not the authorized account holder, please be aware that it is in violation of eBay policy to represent oneself as another eBay user. Such action may also be in violation of local, national, and/or international law. eBay is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the fullest extent of the law.
Regards,
Safeharbor Department,
eBay Inc
Now… it’s entirely possible that this is a hoax… but it seems rather legitimate, especially considering that the item in question is indeed cancelled, and there are two others with the exact same title, both cancelled. Two of these (including the one associated with my account) are listed in Australian Dollars.
I’m very curious (and grateful) that eBay caught this. What’s more pressing is that the perpetrator probably did this by guessing my password.
I’m going to let you all in on a “secret.” I reuse passwords. You can all take your jaws off the floor now. Yes, I sign up for so many damn things, that I have a few throw-away passwords that I use for all non-secure stuff. I didn’t realize I still had it on eBay, which is a non-trivial thing if hacked… although still nowhere near my PayPal, Yahoo!, eTrade, LiveJournal… etc. accounts, all of which have unique and harder to guess passwords.
But now, if this stupid throw-away password is compromised (which is probably is), I’m going to need to go to every little pissant message board where I used the same username/password combination and change it. I can even guess how it happened. One of these little message boards used a non-secure/encrypted method of storing passwords and employed a less that honest webmaster… seeing the plain text username/password, he proceeded to try it in a number of various high-profile websites…
I can only assume that this person was going to sell said items, then never pay up, then all of a sudden, three completely random people are getting sued for $900 and they don’t know why.
Closing Note: If anyone sees “Hamusutaa” elsewhere on the net in the near future, and I’m saying something really stupid, it’s not me, it’s whoever stole my password.
(Cool, now I have carte blanche to say stupid things for a while!)
Shit!
I do the same thing. I have a couple reusable passwords that I probably use way too much.
There’s just too much stuff out there to use a new one each time.
I’m a lot more careful with any password that touched mail or a Unix machine, though.
I tend to reuse them too. I didn’t for a while then got totally fucked when I lost my little slip of paper.
I keep meaning to get a little password manage for my visor, (one that can print out a backup hard-copy) Real Soon Now.
Good luck straightening things out. I’m curious as to how eBay decided that the listing wasn’t made by you. I’ve never put something up for sale there, do they send out a confirmation email or something?
Of course, maybe I’m writing to the the evil hamu right now…
o/~ I am evil Hamu
I am evil Hamu… I am evil Hamu o/~
Re: o/~ I am evil Hamu
I want to be able to use secureid with any major website. I would feel a lot better if this was in effect.