eBay on Friday announced that a known fraudster, Vladuz, managed to hack into an old administrative menu system on eBay and suspended several eBay accounts. Actually, they specificall said he DID NOT hack in to any of eBay’s systems, but rather “he did this by accessing externally visible servers” said eBay spokeswoman Sharpe. This was initially reported by AuctionBytes on Saturday in Hacker Vladuz Accesses eBay Servers, Suspends Accounts but I am SURE many of these sellers spent a long time trying to figure out what happened and then trying to recover from everything that does happen when your account goes NARU.
Of course when this happens (and it happened to us, twice, by mistake), the steps to take are many, and are for another post, but in short what not to do are all the items on eBay’s list of don’ts, even if you know for a fact that you are correct, it will only make things worse to go against the grain if you want your account restored eventually. Especially when eBay tells you they don’t make mistakes like this, like they did in our case, it still didn’t matter that, yes, they actually do (and did) make mistakes.
What never seems to take place is a financial resolution to the sellers when these mistakes happen. This is VERY hard on some of these small companies that did nothing wrong and they basically have to start over. Even just one hour of a suspended account closes all your listings which means your sales for a full week are over. I would like to see what would happen if eBay had to tell its stockholders that a weeks revenue did not exist any more. It wouldn’t go over well for them, but they would survive without much personal consequences, unlike their seller account holders.
It seems that this incident started in the normal way, a post to the forums, and off went the train wreck. As mentioned above, apparently this wasn’t the first time Vladuz had made it into the ebay systems. AuctionBytes reported in eBay Denies Security Breach after User Information Exposed when they asked eBay about it, but they denied he was the issue.
When asked if the “malicious fraudster,” as eBay called the person behind the incident, might have been Vladuz, Sharpe said, “At this stage we are not confirming the identity of the fraudster.” Last December, someone calling himself Vladuz began making claims that he had hacked into eBay, a claim eBay has denied. Some eBay users remain adamant in their belief that Vladuz has successfully hacked eBay.
Then, later a post to the Chatter called Trust & Safety forums issue this morning explained it in a little different detail.
Very early this morning, a malicious fraudster posted on the Trust & Safety forum on eBay.com posing as approximately 1,200 eBay users. The fraudster made these posts in a way that was intended to appear as though he logged in with their accounts. The posts contained name and contact information, which appears to be valid, and could have been secured as part of an account take over.
Well, now we finally have the “real” story of how it happened (uh-hu), when once again AuctionBytes reported this morning in eBay Explains Security Hole Used by Hacker where an appology from eBay on their forums said it was caused by an old administrative login area that is not corrected. The best quote I found on the topic of this security breach on eBay’s systems was from PC World, Hacker Breaks Into eBay Server, Locks Users Out, where they quoted eBay spokeswoman Nichola Sharpe where she said the issue was corrected before any permanent damage was done. I bet you she didn’t talk to the 1200 people that Vladuz actually shut down. When an eBay account is suspended, damage is done, let there by no mistake about that.
We were able to block the fraudster quickly before any permanent damage had been done. At no point did the fraudster get any access to financial information or other sensitive information,” eBay spokeswoman Nichola Sharpe said via e-mail.
EBay has “secured and restored” the affected accounts and is calling the affected users, she said, without specifying how many accounts the hacker accessed and tinkered with.
I wish all the best to the sellers who’s accounts were on the hit list. I know how you feel, and so do many others that for one reason or another have seen that NARU’d email with your name on it. The second time our account was “secured and restored” within about 12 hours. We lost $8,000 in potential revenue that week.