eBay links and how stupid I was!!

PaulJS

PaulJS

Well-Known Member
Joined
29 May 2007
Messages
1,829
Location
Kirkcudbrightshire or off Saudi
Visit site
This morning I put a post on a thread on this forum where someone was looking for an inflatable sailing dinghy, and as I'd seen one on eBay I added a link to the URL of the relevant page...

I'm sure most of you know what's coming next...

This afternoon I received a notification email from ebay about my change of email address.

Yup, I'd been signed on to ebay when I copied the link, and so anyone who clicked on the link was directed straight into my account, and some "sniping" software got into my details and changed various settings.

Because of the poor mobile internet access out here I'm still struggling, after a twenty-seven minute phone call to ebay (from Saudi) to get this put right, although to give ebay their due, they were pretty fast in suspending my account and no harm has been done. Except to my pride!

I just thought I'd post this to warn any other forumites from making the same mistake, and I guess that it applies to adding links to any websites where you would be signed in.

Signed,

Stoopid

ps. Absolutely no blame directed to the original thread OP, this was all my fault!
 
Last edited:
An ebay link shouldn't have given access to your account, authentication details are usually held in a cookie.

There's a possibility that if, because of the uk law that forces websites to ask if you want cookies, you said "no", it might then have to attach an auth token to every request.

If that is the case, you should accept cookies from websites that you need to login to, because it's a lot easier to steal url details than it is to steal cookies
 
AndyJ76 said:
An ebay link shouldn't have given access to your account, authentication details are usually held in a cookie.

There's a possibility that if, because of the uk law that forces websites to ask if you want cookies, you said "no", it might then have to attach an auth token to every request.

If that is the case, you should accept cookies from websites that you need to login to, because it's a lot easier to steal url details than it is to steal cookies
Click to expand...
That's interesting. So people being wary of the internet may makes themselves more vulnerable rather than safer.
 
Thanks to everyone for replying.
I also just clicked on Nigel's link and it went to my login (even though my account is locked and I can't actually do anything in it!) as well, so it seems that is safe, but the link I posted was from ebay while I was signed in, so I think that must have been my mistake, after all the URL to an ebay item while signed in must be different to the URL of the same item from ebay's home page.
I can't really see it just being a coincidence as I've had an ebay account for over 10 years, and yesterday was the first time I'd posted a link to an ebay page, and despite phoning ebay and getting a URL to get into my account ebay doesn't even recognise my user name now, despite my checking it with them on the phone and by email!
I'll just have to phone when I get home as I'm not spending another 30 quid to listen to numerous helpful messages.
Ah well, at least I can't buy anything else...
 
ithet said:
Did you repond to that message, as that is the one which could have been the fake?
Click to expand...

Not immediately, I checked my ebay first and it was well messed up - new email address, new address, but couldn't sign in to change anything back to what it should have been, and I had the same message in my ebay inbox.

It's only a minor inconvenience, and a very minor worry as the account has been locked down, but apparently I was making last minute bids and ebay twigged that this wasn't my normal behaviour, so many kudos to them.
I just hope that I get everything back to normal as I have (had???) a good ebay reputation...
 
PaulJS said:
Not likely Nigel as my internet access is via my employers server, and believe me they have some pretty strong protection - at last!
Click to expand...

I wouldn't rule out Nigel's suggestion completely. If I set up a site to look like e-Bay and emailed you a link then your employer's server would probably let you access the site. It would block it if the site had been specifically blacklisted but odds are that it wouldn't be (much simplified explanation). Spam filter more likely to pick it up on the company email system but not guaranteed and perhaps you linked via personal web-mail.

Of course I don't think it's a likely scenario as you'd have remembered clicking on a link in an email from e-Bay and mentioned it by now.

It is puzzling though as I don't think there's a difference in a link generated when logged in to e-Bay or just browsing on a random PC without logging in. I'm pretty certain that e-Bay requires cookies when logging in and so tend to discount earlier suggestion about link including a token if cookies are disabled.

It could be coincidence but I'm not a great believer in that. So back to wondering if you might have had any recent emails with links to eBay.
 
You must log in or register to reply here.

Other threads that may be of interest

UK-WOOZY
Autoterm 4kw heater was blowing smoke out into the cabins
Replies
19
Views
500
UK-WOOZY
UK-WOOZY
P
Adding fuses to my batteries
2 3 4
Replies
61
Views
2K
AngusMcDoon
AngusMcDoon

Share this page

Top