Home U.S. Coin Forum

So, I just got off the phone with eBay regarding the security problem I had this weekend.....VERY SC

RampageRampage Posts: 9,489 ✭✭✭✭✭
in U.S. Coin Forum
I inquired about why when I would put my password in, a screen would come up with the 4 digits and say my user info was not valid. Their answer??

According to the lady I spoke with, if you try to input your password too many times incorrectly, then this security measure takes place. I told her I never make mistakes and that I am perfect. image Just kidding. I told here when I log on, I click the box that says keep me logged in so I do not have to keep logging in.

While I was on the phone, she was able to tell me that on Saturday, which is when this happened, I or someone (I know it was the someone), tried to log onto my account 274 times! Each of those times was an unsuccessful log-in which is why the security took place. She had me try to log on while I was on the phone with her and it no longer did it. She said it usually stops that measure after 24 hours.

Just something for people to think about. I think it is very scary!

Regards, Richard.

Comments

  • MadMartyMadMarty Posts: 16,697 ✭✭✭
    Sounds like someone wanted to go shopping!
    It is not exactly cheating, I prefer to consider it creative problem solving!!!

  • tjkilliantjkillian Posts: 5,578 ✭✭✭
    Did they really want to go shopping or did they really want to go selling? By hijacking an account, they could create lots of fake auctions, take the money, leaving the account holder holding the bag for all of the items.

    Tom
    Tom

  • krankykranky Posts: 8,709 ✭✭✭
    I'm sure people try to crack ebay passwords all the time.

    Your best protection is to use a password of random characters, and make sure you don't use the same password on any other site. A password like %87zj#@&H would be darn near impossible to guess.

    New collectors, please educate yourself before spending money on coins; there are people who believe that using numismatic knowledge to rip the naïve is what this hobby is all about.

  • RussRuss Posts: 48,514 ✭✭✭
    Richard,

    Did they give you any indication of the timespan within which the 274 attempts occurred? If it was over a lengthy period of time, indicating it was done manually, it was likely just some idiot and it's little to worry about. If it happened within a span of a minute or two, indicating a 'bot or a script engaging in a brute force attempt, could be a bit more of a concern.

    Russ, NCNE
    eBay consignment sales | | Collectibles from Resco CCC
  • cachemancacheman Posts: 3,118 ✭✭✭
    I am interested in learning how you got in touch with a warm body at ebay in the first place......
    karlgoetz.com
    karlgoetzmedals.com
    secessionistmedals.com
  • RampageRampage Posts: 9,489 ✭✭✭✭✭
    Cacheman.......in regards to your post, see my post I posted this weekend with regards to the same question. This security measure spawned that post.

    Russ.......The lady I spoke with did not give a time frame other than it had happened that day. Now, I was trying to log on at about 8:00 in the morning. So, whatever that means, who knows.

    I now changed my password to include more special characters than I had before. Before, I had two special characters and now I have 4.

    But, after 274 guesses, if they did not guess it by then, then I doubt they ever would have.
  • RampageRampage Posts: 9,489 ✭✭✭✭✭
    And yes, I would assume they wanted access for the reason mentioned by TJ. All you can do as a buyer is bid on a bunch of stuff and then not pay.

    As a seller, I have 100% positive out of 355 +/- transactions with the majority being as a seller. The could list high dollar items, have the money sent to them, and then run leaving me to deal with it.
  • kieferscoinskieferscoins Posts: 10,017
    I wonder how many coin collectors put their password as "coins"?

    Cameron Kiefer
  • NumisEdNumisEd Posts: 1,336
    Cameron,

    That is one FUNNY image in your sig line. Thanks!
  • smprfismprfi Posts: 874
    Richard are you happy with there security measures?
    My Ebay Auctions
  • RampageRampage Posts: 9,489 ✭✭✭✭✭
    smprfi---

    I would have to say yes, I am happy with the security measure now that I know it only last 24 hours. In other words, if someone is trying to hack my account, then this measure is a good measure, although I originally did not know what to think about it.

    Someone mentioned that they might be watching what I search for, bid on, etc. just as a survey, because that is what someone else thought.

    I did not like that because it is not anyone's business what kind of stuff I am looking up or bidding on. But, now that I know it was for the reason mentioned, then I am fine with that. image I guess.

    Richard.
  • RampageRampage Posts: 9,489 ✭✭✭✭✭
    Let me clarify to say that I am glad they are giving me some kind of protection. image I would rather have to input several numbers many times a day rather than having to deal with some crook that hijacked my account and sold bogus items and stole money.
  • BarryBarry Posts: 10,100 ✭✭✭


    << <i>A password like %87zj#@&amp;H would be darn near impossible to guess. >>


    Damn - now I have to change my password! image
  • braddickbraddick Posts: 24,221 ✭✭✭✭✭
    You would think eBay would be set up like our computers at work: After three attempts, if you continue to log in an incorrect password you're SOL for something like 30 minutes.

    Even hotmail shuts down your account, temporarily, if you attempt an incorrect password 12 times and fail.
    ATMs do this too with your PIN. After so many (single digit, I believe) attempts your card is sucked up into the machine!

    Really, who doesn't on ocassion mess up and need to retype a password, but then who messes it up ten times in a row?

    peacockcoins

  • DeadhorseDeadhorse Posts: 3,720
    Real crackers don't guess passwords. They may take what they think is a familiar stab at it but then they will use a software program to generate similar type passwords. Of course they can choose to go with random passes.

    If the software is interfaced with their web browser(and they are no doubt proxied at the time)then the software will type in the password attempt and hit enter faster than most of us could type cat.

    It's not that hard to develop a proggie that will attempt and re-attempt the log-on without additional input from the user. In fact, it could be attempting the same thing on several different accounts at the same time.

    eBay has very, very good security and the numbers you mentioned will bamboozle the cracker program. At least untill they figure a way around that.

    While I don't know about eBay in particular, I'd wager that they put quite a large amount of their capitol into security, without that they would be out of business.

    Yeah, I'm an IT guy, but some of us do wear white hats.
    "Lenin is certainly right. There is no subtler or more severe means of overturning the existing basis of society(destroy capitalism) than to debauch the currency. The process engages all the hidden forces of economic law on the side of destruction, and it does it in a manner which not one man in a million is able to diagnose."
    John Marnard Keynes, The Economic Consequences of the Peace, 1920, page 235ff
  • NumisEdNumisEd Posts: 1,336
    This gives me the willys! How can we defend ourselves? Isn't there anyplace safe any more?
  • clackamasclackamas Posts: 5,615
    Change your password again just in case they actually got it correct. use at least 1 numeric digit and I always like to use a non standard character like "^" as well.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Format
SpoilerCodeQuote
Heading 2Heading 1
Emoji
:):D:(;):/:o:s:p:'(:|B):#:*<3o:)>:)
Url
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file
Home U.S. Coin ForumComment As ...