This is how Ebay treats a customer of 22 years.

booneruk

PocketWatchMan said:

The ability to bypass (or alternatively intercept) 2FA has been commonplace for years

There's nothing to intercept with proper 2FA methods. SMS needs to be consigned to the dustbin.

soolin

SunMoonStars888 said:

Did you lose £4300 quid to ebay? Or did you charge it back as anyone in their right mind would do while dealing with such a thieving and stalking corporation such as ebay?

The money was never taken so there was nothing g to charge back. OP says

” Finally, after about eleven days they removed the charge of about £4300 off my account ”

metalmick

Hoenir said:

How did somebody manage to hack your account so comprehensively ?  

They got into my Virgin Media account and then went from there. 

metalmick

pramsay13 said:

Were you phished?
eBay have lost £5200 so they are quite rightly more cautious now about your online activity. 
How are you selling 100 items one a personal account?

They did not lose £5200, they held the money from the guy in Songapore and after about five calls from me ebay paid him back. 

metalmick

Hoenir said:

Why would somebody hack a random Ebay account to list a rare £5,000 plus book and manage to sell it. Suspect there's far more to this story. 

Think about it... they have control bona fide account of 22 years with perfect feedback totally nearly 1500...... ?

metalmick

nuffznuff said:

Ebay turns nasty when things go wrong.

Finally, a sensible comment. Strewth! 

metalmick

soolin said:

I'd be interested in how the hack happened- in case there is an issue somewhere. 2FA should be in place - and there's no reports on other groups of a current major issue. 

The last couple of 'hack' stories I've seen ended up being people who knew the victim or used a shared PC or device- rather than a professional hacker bypassing the system. I do try and keep ahead of issues as no company is entirely safe (as M and S have found out) and if needs be pre warned means a user can at least try and protect themselves. 

Indians got into my Virgin Media account and then went from there.... don't ask me, that's all I know. That's not the point. The point is after hours of phone calls and wasted time eBay finally accepted the obvious truth but then completely wiped out 22 years of custom. The ironic thing is every time i called the person said " Hi, I can see you have been with us 22 years, thank you for being a loyal customer! You couldn't make it up! 

Exodi

To be honest it's within a businesses gift to decide who they transact with and they clearly feel the OP poses an intolerable risk to the business.

While we are quick to point the finger at anyone and everyone regarding scams/hacking - ultimately it's not eBay's fault.

Honestly I don't blame eBay for their reaction. IMO OP should be grateful that it sounds like no-one lost money and it wasn't far worse.

metalmick said:

soolin said:

I'd be interested in how the hack happened- in case there is an issue somewhere. 2FA should be in place - and there's no reports on other groups of a current major issue. 

The last couple of 'hack' stories I've seen ended up being people who knew the victim or used a shared PC or device- rather than a professional hacker bypassing the system. I do try and keep ahead of issues as no company is entirely safe (as M and S have found out) and if needs be pre warned means a user can at least try and protect themselves. 

Indians got into my Virgin Media account and then went from there.... don't ask me, that's all I know. That's not the point. The point is after hours of phone calls and wasted time eBay finally accepted the obvious truth but then completely wiped out 22 years of custom. The ironic thing is every time i called the person said " Hi, I can see you have been with us 22 years, thank you for being a loyal customer! You couldn't make it up! 

I presume you have your email with Virgin Media so effectively they had access to your email address (as opposed to them only being able to check your broadband speed).

Did you have 2FA set up? I suspect not - maybe worth thinking about an authenticator app.

It seems it ended up relatively well, to be honest I don't understand the attitude you have towards eBay one bit, it feels a bit as if you're venting your frustration at them for your hacking. It would be crazy for them to continue transacting with an account that almost lost them ~£5k.

RFW

metalmick said:

soolin said:

I'd be interested in how the hack happened- in case there is an issue somewhere. 2FA should be in place - and there's no reports on other groups of a current major issue. 

The last couple of 'hack' stories I've seen ended up being people who knew the victim or used a shared PC or device- rather than a professional hacker bypassing the system. I do try and keep ahead of issues as no company is entirely safe (as M and S have found out) and if needs be pre warned means a user can at least try and protect themselves. 

Indians got into my Virgin Media account and then went from there.... don't ask me, that's all I know. That's not the point.

I'm afraid it is the point. If you can let Ebay know how it happened they'd probably consider that it couldn't happen again. For all they know it could be someone you know using your account or you've left your laptop open in a cafe or whatever.
I doubt any of us are safe from being hacked or cloned but if I was I'm fairly sure I'd know how it happened or be able to find out quite quickly.
I'm a bit confused as to what happened with Virgin media. Has someone hacked into your wi-fi? Was it an external wi-fi? Have other sites you use been affected?
I'd be more concerned about everything else I do before getting stressed with Ebay. Once you've got a clear picture of how and what has happened you could maybe look at sending the information to Ebay and explaining how you have steps in place to stop it happening again.
As I say I don't know what happened with Virgin Media but if it's their fault then you should be angry with them first before Ebay who look to have saved you any money being taken from your account.

Exodi

RFW said:

metalmick said:

soolin said:

I'd be interested in how the hack happened- in case there is an issue somewhere. 2FA should be in place - and there's no reports on other groups of a current major issue. 

The last couple of 'hack' stories I've seen ended up being people who knew the victim or used a shared PC or device- rather than a professional hacker bypassing the system. I do try and keep ahead of issues as no company is entirely safe (as M and S have found out) and if needs be pre warned means a user can at least try and protect themselves. 

Indians got into my Virgin Media account and then went from there.... don't ask me, that's all I know. That's not the point.

I'm afraid it is the point. If you can let Ebay know how it happened they'd probably consider that it couldn't happen again. For all they know it could be someone you know using your account or you've left your laptop open in a cafe or whatever.
I doubt any of us are safe from being hacked or cloned but if I was I'm fairly sure I'd know how it happened or be able to find out quite quickly.
I'm a bit confused as to what happened with Virgin media. Has someone hacked into your wi-fi? Was it an external wi-fi? Have other sites you use been affected?
I'd be more concerned about everything else I do before getting stressed with Ebay. Once you've got a clear picture of how and what has happened you could maybe look at sending the information to Ebay and explaining how you have steps in place to stop it happening again.
As I say I don't know what happened with Virgin Media but if it's their fault then you should be angry with them first before Ebay who look to have saved you any money being taken from your account.

Virgin Media is also an email provider (Virgin Media Mail) so by far the most likely scenario is the OP has an email account with them and the hackers have gained access to the email account.

Even if the OP could ascertain how their email address was comprised (which I'd wager will be either from their email address/password combination being leaked from another website, and the OP using the same password on multiple websites while also not having MFA enabled on the email account OR being socially engineered into providing access as the OP seems to know the scammers were Indian), the OP's lack of regard for security poses an unacceptable risk to eBay that almost cost them over £5k. There's no reason they should take this risk again.

Despite what people think, email addresses with reasonable MFA enabled are almost impregnable - in the significant majority of cases access is not gained by nefarious hackers in dimly loot rooms wearing sunglasses typing "initiate hack in mainframe" into command prompt, it is gained by people working through a list of account details from a data breach and simultaneously hoping there is no MFA on the account, or through social engineering (e.g. the victim inadvertently provides the details to the scammers as the scammer convinces them they're from their bank or something).

(of course, I'm more than happy to be corrected on any of my assumptions about it being an email account or how the account might have been accessed).

I agree with you thought that while the OP thinks him being hacked is irrelevant (perhaps considering himself a victim of bad luck), it is very relevant. It's certainly an unacceptable level of risk for eBay to trade with someone who can seemingly get their account compromised at any moment. Really MFA should be mandatory, but I appreciate you get people complaining about how inconvenient it is...