Omega Owners Forum
Chat Area => General Discussion Area => Topic started by: JamesV6CDX on 09 April 2017, 20:20:51
-
couple of days ago I listed my Omega for sale on ebay.
creating the listing presented no issues and I started to receive bids and such.
I tried to log in, in the early hours of this morning, and "password incorrect". It most definitely wasn't incorrect.
I followed the password reset process which allowed me to log in. Upon doing so, there was a message on my account "unauthorised activity has been detected, please reset your passwords blah blah - and more annoyingly, my listing had been pulled by ebay over this "security breach".
How could it have been compromised? Is that what happened? Nothing was purchased or sold. My password was very complex and I have not responded to any "phishing" emails or similar.
Any ideas I'd be v grateful. I have, thankfully, been able to change my password and relist it! :y
-
Slightly on topic, i see that Wonga have had a load of customers details compromised. It,s a dodgy old web out there. Can you trust anyone to look after your details?
-
Probably IP related, have you logged in using public WiFi, Hotspot.
-
Can you trust anyone to look after your details?
No.
-
My password was very complex
Complex for humans or complex for computers? The two are not the same ;) 8 random characters can be brute forced a lot quicker than "thisisareallylongpassword"
Probably not a case of brute force, though, as sites like eBay employ a lot of smarts to try and detect that kind of thing. As Zirk says, if you've ever browsed via public wifi without a VPN then consider everything you've done liable to snooping, for starters. Same goes for mobile data, really, though that's a bit harder and snooping that is usually the purview of the security services.
Also, do you use the same password anywhere else? If so, stick your email address in here - https://haveibeenpwned.com/ - and see if it's ever been in a list of leaked account details. My email address (and password associated with that service), for example, has been pwned at least seven times - Adobe (2013), Dropbox (2012), last.fm (2012), LinkedIn (2016), Modern Business Solutions (2016), Plex (2015) and River City Media (2017).. all through no fault of my own (see earlier answer to ronnyd!), and that's only the breaches that are public knowledge..
-
And precisely why you shouldn't use same password for different systems ;). And you;d be surprised how many web applications store passwords in clear text :o.
-
Ah yes, nothing like hitting a "Forgot my password" link and having the site email you back your password in the clear..
a) You shouldn't even know my password in the clear (just a salted, hashed representation you can check an input password against, at best)
b) You just mailed it in a form anyone can read
;D
-
Ah yes, nothing like hitting a "Forgot my password" link and having the site email you back your password in the clear..
a) You shouldn't even know my password in the clear (just a salted, hashed representation you can check an input password against, at best)
b) You just mailed it in a form anyone can read
;D
Exactly, all passwords shoudl always be stored with an undecryptable hash or similar :y
-
In James shoes, I would also be checking my paypal account and any bank account linked to it. ;)
-
In James shoes, I would also be checking my paypal account and any bank account linked to it. ;)
Should only be an issue *IF* he was retarded enough to either use same password, OR to link accounts. Given his background in IT, I know he wouldn't.
-
Something similar happened to me, when I posted a listing for one of my bikes
If you think about it. this only happened when you had an active listing
My understanding is that someone hit the "report this item" option :-\
Ebay immediately pulls your ad & throws up a wall against your account.
I don`t fully understand their reasoning behind this, but only the account holder can reset the P/W & get back in.
The question your left asking yourself is; Who reported my ad & WTF is going on.
I think the unauthorised activity relates to someone objecting to your ad, maybe on the grounds that your car is dodgy in some way.
If you re-post your car ad & it happens again, let us know.