Posted by mjoann on 09/27/07 01:22

Kris Baker wrote:
> According to eBay, the credit card numbers that were posted
> did NOT correspond to the credit cards on file on either eBay
> or PayPal. That doesn't mean that they weren't a user's
> regular cards, only that the data was likely accumulated phish
> attempts. That's why they are *calling* members.

That's according to eBay though. It is in their best interests to
protect themselves and deny any responsibility.
That's what they do best. Considering that some of the info was
captured on screen sheets and videos, it probably isn't a good idea to
admit that those were valid credit cards on file with eBay.
I've seen a number of posts on various non-eBay sites and on the eBay
forums from people claiming they were now seeing fraudulent charges on
the cards they had on file.
Of course those aren't verified stories, but they aren't proven wrong
either.

I actually experienced a pretty obvious eBay security glitch at one
point a couple years ago. I even posted about it here at that time.
eBay completely denied any responsibility and left the users to fend
for themselves.
Here's what happened: I was logged into my account and looking at my
auction activity. Then I started browsing the stores for some items I
wanted to purchase. I did a BIN on two items, and after the second one
I realized it said "Congratulations" but it didn't have my user name-
it was someone else's! At no point did I log out of my account or
leave eBay.
I tried "my eBay" and sure enough, I was looking at someone else's
account. I immediately logged out then logged back into my account. My
BINs were definitely NOT in my account, but when I looked at the other
name's recent bids, there they were. I then used live help to let eBay
know what happened. They acted confused and insisted that someone else
must have been using my computer and eBay. This went on for over an
hour and I chatted with numerous people. All of them insisted that
eBay was blameless and that I must have been sharing my computer with
that other user.
BUT, I had been home alone the entire day, we hadn't had guests in
months, no one ever used my computer but me, I didn't know the person
with the other user name, and that user's sales showed they were in
another state. The only answer was that something was very wrong with
eBay's security and somehow, in the middle of my browsing, I was
transported into someone else's account.
Since eBay denied responsibility and insisted that some stranger must
have flown across the country, entered my house and logged into eBay
on my computer, the seller, the "buyer" and I were left with the
results. Actually, I was because the other two didn't know what
happened. I knew that the "buyer" was going to be mad when the seller
started asking for payment and I knew that the seller was going to
think they were lying and file an NPB, so I contacted each and tried
to explain what happened. I think they both thought I was some crazy
person trying to interfere with sales, but someone had to give them a
head's up before they each accused the other of lying.

After that incident, I learned that eBay is too big and too corporate
to ever admit a serious mistake or security breach. Apparently they
make so much money, that losing a few little customers isn't a big
deal, so they choose to ignore problems.

[Back to original message]