View Full Version : EBay users heads up !!warning!!!

12-05-2006, 04:36 AM
I had some unauthorized people under my account.

Saw this on another board, its worth checking out, I had some unauthorized people under my account.

If you guys have eBay accounts, go to your account info and hit preferences. scroll down and check out the third party section. It should be empty unless you have someone on there. I checked mine and had 5 of the sneaky bastards that got on there, donít know how they got there but they were. you can delete all the scammers by going to preferences, go to third party and click revoke if there are any you donít want, just go over to the right. just follow the instructions and delete them. Just thought I'd pass it along I was surprised to see unauthorized people in my account.

12-05-2006, 09:30 AM
thanks for that tip. Fortunately, for me, I had none, but will still keep an eye on that.:thumbsup:

12-05-2006, 09:30 AM
The most common cause is bogus emails that claim to be E-Bay asking you to login, but in turn its a maliscious site collecting your login info.

Good rule of thumb, any time you get an email claiming to be E-Bay, your bank, any other account you hold, and it says that there is a problem and you need to log in by clicking a link, DON'T.

If you have concerns, close the email, open a new browser window, and log in to the account by navigating to the site yourself and see if there is a problem with the account. Or, you can contact the institution via a phone number on printed literature that you have or on the number on the official website (not on the number with the email you received).

12-05-2006, 09:50 AM
yeah, I never believe those emails. Ebay, Paypal are the most common.

12-05-2006, 11:15 AM
FWIW, if you forward those e-mails to spoof@ebay.com or paypal.com, they check them, let you know if they really sent them and it helps them identify the BAST*RDS.

12-06-2006, 12:29 AM
Iím glad to help!!! I know we all like to do a little Christmas shopping on eBay and its so easy to get scammed on there.

Get this!! I posted my warning on a few eBay community forums that I frequent and one of the eBay Moderation Team Members revoked all my privileges of posting on any eBay board or groups, for a period of seven (7) days. I donít get it??? Getting revoked for helping people.

Here is a list of certified 3rd party applications allowed by eBay.
http://developer.ebay.com/certifiedp...r/catalog.aspx (http://developer.ebay.com/certifiedprovider/catalog.aspx)


12-06-2006, 01:22 AM
These authorizations will only show up if you used the services (even a free trial). Don't treat this like the end of the world... you had to use the service for it to get put in third-party authorizations.

Example, if you had participated in the sweepstakes in May, you would've had that listed as a 'third party authorization'. And just in case you didn't know, Andale, Bonfire Media LLC, Infopia, Auctionhouse, and ChannelAdvisor (and probably AuctionWorks and Zoovy) and others are all legitimate companies that provide eBay related services. It's not like they're hackers performing identity theft. Please make sure you're informed of what you're talking about before spreading misinformation.

Thereís a very good chance all of us inadvertently agreed to this. Seems to me eBay had a big revision of their TOS agreement about 1.5 to 2 years ago, which we had to agree to for continuation of our accounts.

Very likely this 3rd party access issue was part of that revised agreement and we didn't see it. Honestly, how many of us take the time to read all the fine print. Plus it is not as though they list the new changes to the TOS in bold letters at the top. Probably somewhere near the bottom in lawyer speak.

When using an alternative checkout, which is what many of these 3rd party authorizations are all about, were you asked in any way if you grant concerned party access to your account in any way? A check box, agreement screen, or the like?

In any event ... I do NOT think anyone should have access without our expressed consent. Pretty sure everyone here can agree with that.

Do third-party services need my eBay password?

Software and websites that use the official eBay API do not require your eBay password. Instead, they use a system eBay call Auth&Auth ("Authorization & Authentication"), which allows them to access eBay on your behalf.

The first step of the Auth&Auth process usually occurs during registration with the service, when you will be directed to eBay and give your permission for them to act on your behalf. Note that you do not give your password directly to the service here, but simply log into the normal eBay site - which you can verify by checking the URL in the address bar, or by using the eBay Toolbar.

eBay provides the third-party service with a "token" (which looks like a piece of gibberish text). When they access eBay for you they use this token instead of your password to prove that they have your permission. The token expires after a period of time, typically 18 months, when you give your approval again and the token is renewed.

You can check which services currently have your permission on the eBay site: in My eBay click on "Preferences" under the Account heading, scroll down to "Third-party authorizations" near the bottom of the page, and click "Show" to expand the section. Here you will see any services that you have already given your authorization to. It is not unusual to see the same provider listed more than once, because authorization is on a per-tool, not a per-company basis.

To revoke an authorization, check the appropriate box then click "Apply", but be careful that you are not removing permission for a service that you are currently using. If you do revoke an authorization by accident, visit the third-party service's website where you should be able to set it up afresh.

There are many services that do not use the eBay API - see "What is the eBay API?" in AuctionBytes Update #150 for more information. These services often do require your password, so carry a greater risk of your account being compromised if the provider is hacked. To reduce the risk, choose a secure eBay password that you do not use on other sites, and only give it to a third party if you have complete confidence in them and their site's security.

Source: http://auctionbytes.com/cab/abu/y205/m10/abu0152/s05 (http://auctionbytes.com/cab/abu/y205/m10/abu0152/s05)

The different ways of looking at these authorizations:

The Good:

<DIR><DIR>eBay grants legitimate, auction-related companies restricted access to your account only when you give them permission.


The Bad:

<DIR><DIR>Most eBay users apparently have no clue if/when they are granting someone third-party access to their account. And eBay doesn't notify you when a third party authorization is added to your account.


The Ugly:

<DIR><DIR>Scammers can attach authorizations to your account through phishing schemes or other scams and you won't know it unless you look for them.


Sounds like a good idea to check authorizations regularly, and revoke any that you don't recognize...especially after purchasing something using a third party checkout service.