Ebay 'viewed items' question

[Tilt]

If anyone can help...........I logged into ebay twice today (2 separate times) and on both occasions noticed items in the left hand side 'viewed items' list, that I haven't viewed

The first time it was 2x i-phones and the second time was golf clubs. I do not think this is normal???

 

Anyone else experienced this, or has sensible advice, please let me know.

 

I have been trying to speed up / clean my laptop very recently, but just one or two abnormalities? such as this.

I also had a notification email from Brisky, which included a loooooooooooooooooong list of links generally sporting gear iirc, from CCMrs01

Edited 24 March, 2017 by Tilt

[Jonny118118]

I'd probably change your password to your account just in case. 

[PirateSyrett]

We experienced something very similar last month just before someone signed us up for £5000 of credit with PayPal and bought a ton of stuff outside of eBay.

 

It's all sorted now, and without loss, but we immediately called our bank to withhold any further payments to PayPal and also changed our password.

 

Although it took just under a month it saved us a whole heap of hassle and damage to credit ratings. I recommend you take similar precautions and change your password as a matter of urgency.

 

Hope this helps....

[Tilt]

3 minutes ago, PirateSyrett said:

We experienced something very similar last month just before someone signed us up for £5000 of credit with PayPal and bought a ton of stuff outside of eBay.

 

It's all sorted now, and without loss, but we immediately called our bank to withhold any further payments to PayPal and also changed our password.

 

Although it took just under a month it saved us a whole heap of hassle and damage to credit ratings. I recommend you take similar precautions and change your password as a matter of urgency.

 

Hope this helps....

Cheers bud

I have already changed my ebay password just in case. But do you know how they gained access to yours?

 

And how were you alerted to the purchases that were made? 

Did you also change your paypal password? and at what stage if so?

[PirateSyrett]

No idea how they accessed it, but yes we changed PayPal password too - we never knew they did credit!

 

Some random signed us up for 4 Dysons and an iPhone (the phone was delivered by FedEx but we rejected it!).

 

We were saved because we noticed odd behaviour and killed the card with Lloyds straight away too.

 

Hope you're safe here too. 

[gadgetman]

Sounds like you use the same password on multiple sites and one of those has been hacked. 

 

NEVER use the same password on multiple sites. 

[Tilt]

14 hours ago, gadgetman said:

Sounds like you use the same password on multiple sites and one of those has been hacked. 

 

NEVER use the same password on multiple sites. 

Hiya gadgetman....If you don't mind helping a little further.....

Admittedly I used the same password as ebay for one other site only, and a good strong password too. How would they(?) get hold of this?

 

I use a different password for paypal and do not store this one on my browser.

And as an administrator do you have any idea on the Brisky notification email mentioned in first post?

 

Any further advice gratefully received, cheers.

[Tilt]

18 hours ago, PirateSyrett said:

No idea how they accessed it, but yes we changed PayPal password too - we never knew they did credit!

Some random signed us up for 4 Dysons and an iPhone (the phone was delivered by FedEx but we rejected it!).

We were saved because we noticed odd behaviour and killed the card with Lloyds straight away too.

Hope you're safe here too. 

Cheers PS.......

Am I correct in thinking, you think they gained access to your ebay account and then your paypal account via ebay?

 

Did you have separate passwords for these two accounts prior to the theft???

[gadgetman]

7 hours ago, Tilt said:

Hiya gadgetman....If you don't mind helping a little further.....

Admittedly I used the same password as ebay for one other site only, and a good strong password too. How would they(?) get hold of this?

 

I use a different password for paypal and do not store this one on my browser.

And as an administrator do you have any idea on the Brisky notification email mentioned in first post?

 

Any further advice gratefully received, cheers.

It was probably a spam post for a topic you've subscribed to receive updates from. 

 

Storing passwords in a browser shouldn't matter. 

 

But as above NEVER use the same password anywhere. No exceptions.

 

Anything sensitive like email, phone accounts (Google, iCloud etc), banking or anything a criminal could spend money on should have the most complex passwords containing a mix of letters, numbers, caps, punctuation eggs Br!sKyP455Wor>

 

If an account offers it, enable 2step verification and ensure sensitive accounts have security measures enabled to alert you to password or personal detail changes, failed logins etc. Most will have this by default, but 

 

There are plenty of guides online on managing passwords and creating a system. 

[gadgetman]

Ebay and PayPal have suffered breaches in recent months as has Hotmail and Yahoo. 

[PirateSyrett]

We had different passwords but still suffered a month offline sorting it out. We're much wiser now and fortunately the education cost nothing...

 

 

Edited 25 March, 2017 by PirateSyrett

[Tilt]

14 hours ago, PirateSyrett said:

We had different passwords but still suffered a month offline sorting it out. We're much wiser now and fortunately the education cost nothing...

 

 

Cheers, but........With a month offline, are you saying it was your computer that was compromised?

 

I ask as this is what I am trying to suss on mine. (you will see other threads of mine in 'tech section')

I had a friends son help with speeding up my laptop (it should be clean, but was just slow / occasional freezing) and whilst he was sorting it he inserted a memory stick before I thought anything of it.

He mentioned about setting up remote control of my laptop so he could check my system easily in the future too.....I declined......but do not know what the memory stick contained?

He is a teenager and I just wondered if he accessed my ebay as a bit of a laugh. (I have asked and he denied).

Edited 26 March, 2017 by Tilt

[Tilt]

14 hours ago, gadgetman said:

It was probably a spam post for a topic you've subscribed to receive updates from. 

Storing passwords in a browser shouldn't matter. 

But as above NEVER use the same password anywhere. No exceptions.

Anything sensitive like email, phone accounts (Google, iCloud etc), banking or anything a criminal could spend money on should have the most complex passwords containing a mix of letters, numbers, caps, punctuation eggs Br!sKyP455Wor>

If an account offers it, enable 2step verification and ensure sensitive accounts have security measures enabled to alert you to password or personal detail changes, failed logins etc. Most will have this by default, but 

There are plenty of guides online on managing passwords and creating a system. 

 

Thanks for that gadgetman.

The password used was very similar to your example. 13 mixed digits long.

 

Is it possible my mates lad (see previous post) has put something on my computer via his memory stick??? and if so should an online scanner find it???

[PirateSyrett]

3 hours ago, Tilt said:

Cheers, but........With a month offline, are you saying it was your computer that was compromised?

 

Not quite. Our computers and iPad worked just fine, but my wife was very grumpy that she couldn't buy anything from eBay until PayPal was straightened out (which took a month!)

 

Saved quite a lot of cash though......

 

:-)

[gadgetman]

Have you reported this to ebay @Tilt? 

[Tilt]

Thanks for your valued assistance and advice guys.

I have not reported it.........got redirected whilst looking into it and their pages advice is changing passwords and just checking all your other details are correct.

 

I have now checked all my details including PayPal and linked items, and there is nothing showing that shouldn't be.

All logged in properly and all details correct. Passwords then changed.

 

I will keep an eye out hopefully without any further anomalies on ebay........

It does seem the issues were ebay and Hotmail.........just more junk than usual in Hotmail.

 

Thanks again.

 

PS probably the best advice not using same passwords even if they are un-guessable, I guess.

[gadgetman]

9 hours ago, Tilt said:

PS probably the best advice not using same passwords even if they are un-guessable, I guess

The issue is once harvested from a site those details will be tested on other sites. 

 

Trouble is these major companies aren't being so kind to their customers about letting them know they've had a breach. An a lot of big companies have been breached in the last few months. 

 

Potentially Icloud has been breached with the Turkish hackers claiming they'll be shutting people out of their accounts, locking  and wiping phones if Apple don't pay up. 

[Tilt]

On ‎26‎/‎03‎/‎2017 at 11:31, Tilt said:

I had a friends son help with speeding up my laptop (it should be clean, but was just slow / occasional freezing) and whilst he was sorting it he inserted a memory stick before I thought anything of it.

He mentioned about setting up remote control of my laptop so he could check my system easily in the future too.....I declined......but do not know what the memory stick contained?

He is a teenager and I just wondered if he accessed my ebay as a bit of a laugh. (I have asked and he denied).

 

Looking a little further into this I read that this is one way a hacker could take over your computer, within seconds.

There is something called a 'Rubber Ducky', and also programs are even being sold very cheaply to set a memory stick to do this automatically once installed, utilising the computers Auto-play. Ref - Schneier on Security. And apparently it remains hidden in 'deleted files'.

 

I only asked him if he had done what he said he wanted to do (set up remote control) and if he had accessed my Ebay.

Unfortunately his defensive reply, and some comments he made - one, that it was "only a memory stick", makes me more suspicious although I do believe there would be no malicious intent.

 

The problem is if it wasn't him, then I could still be in the ****, so still being cautious and could do without the extra stress.

[gadgetman]

What security software are you using? 

[Tilt]

Auto-play meant Auto-run.

I have at least managed to set up a security key for my paypal now. Didn't know you could do it but hopefully it helps.

 

7 minutes ago, gadgetman said:

What security software are you using? 

 

I have gone back to MSE now as they seem to be recommended again......but only to keep a machine clean?

Avast seemed to be giving me some issues and the laptop is a good bit faster now, but these were changed at the same time as the clean up.

Malwarebytes (free) which I use regularly, and I have done an Eset online scan.

Edited 30 March, 2017 by Tilt

[Tilt]

I have turned off the remote desktop connection. Hopefully it stays off.

 

MS say this would be disabled by default, but mine was enabled.

[gadgetman]

If eset says it's clean, then it's highly likely to be clean. 

 

I would avoid MSE or any other free versions. Almost all are inferior to paid options. 

 

If the password was used elsewhere then it was gained via a hack.

 

 

[Jrjg]

Yesterday I went onto my Ebay account on my phone (had been on it via my laptop two nights before) to see 'recently viewed' - half a dozen brown leather hand bags ranging from £80-£200. Now considering I nearly exclusively look on EBay for car parts or outdoor climbing/walking equipment, this came as quite a shock. 

Asked the girlfriend but she doesn't have access my to account and hadn't been on EBay in years. Worrying. 

I have since reset my passwords on both PayPal and eBay. Neither were the same previously. 

I think I will do a full scan on my laptop before logging into anything online again. 

 

JRJG 

[gadgetman]

As I said earlier, raise this with ebay/PayPal. 

[Tilt]

I have looked into contacting Ebay, and read others stories with similar (and some the same) issues and they have commented that Ebay were not very helpful at all, at least in their ability to explain, and not much other than change your password.

 

I have realised now that most Ebay viewing is not secured information, (only the login page and linked payment pages are secure), but this should still not let anyone get into your account.