This is how Ebay treats a customer of 22 years.

RFW

Exodi said:

(of course, I'm more than happy to be corrected on any of my assumptions about it being an email account or how the account might have been accessed).

I agree with you thought that while the OP thinks him being hacked is irrelevant (perhaps considering himself a victim of bad luck), it is very relevant. It's certainly an unacceptable level of risk for eBay to trade with someone who can seemingly get their account compromised at any moment. Really MFA should be mandatory, but I appreciate you get people complaining about how inconvenient it is...

There's no clarity on what part of Virgin Media has been the issue but, on balance, you're probably closer than my guess. I use MFA on accounts that require security. I don't know why I'd need it on BBC, for example.

I've been a victim of cloned and hacked accounts but they were as a result of leaked data (not by me) and one occasion, a long time ago, a credit card was cloned after being used in a petrol station.
I sell online and have done for 20+ years so I get loads of spam and phishing emails so am hard to catch. I'm definitely not immune though

adrich

Wow, that's absolutely terrible. After 22 years of loyalty, eBay should have done way more to help you (not punish!). Getting hacked is stressful enough without being locked out and hit with business fees. Their response sounds cold and unfair. It really makes you question how eBay values its long-time users.

Exodi

RFW said:

Exodi said:

(of course, I'm more than happy to be corrected on any of my assumptions about it being an email account or how the account might have been accessed).

I agree with you thought that while the OP thinks him being hacked is irrelevant (perhaps considering himself a victim of bad luck), it is very relevant. It's certainly an unacceptable level of risk for eBay to trade with someone who can seemingly get their account compromised at any moment. Really MFA should be mandatory, but I appreciate you get people complaining about how inconvenient it is...

There's no clarity on what part of Virgin Media has been the issue but, on balance, you're probably closer than my guess. I use MFA on accounts that require security. I don't know why I'd need it on BBC, for example.

I've been a victim of cloned and hacked accounts but they were as a result of leaked data (not by me) and one occasion, a long time ago, a credit card was cloned after being used in a petrol station.
I sell online and have done for 20+ years so I get loads of spam and phishing emails so am hard to catch. I'm definitely not immune though

People should use different passwords on each website, so in the instance of a website like the BBC where MFA is either not available or overkill, even if there was a data breach of the BBC, the hackers couldn't use your login details to then try access your email account or something. You could then use a credible password manager to store all the different passwords.

That's why I don't like the phrase 'hacking' because, in the significant majority of cases, it's just a nefarious person copy-pasting login details into various websites that have been leaked online from a data breach and hoping the victim doesn't have MFA set up. The notion that people are hacked almost implies an element of powerlessness, whereas in reality basic security measures put in place make accounts virtually impregnable, if they're used. As I said before, the significant majority of accounts are accessed because they have no MFA or the victim was socially engineered to provide access.

That's not to say it's impossible to gain access to an account with MFA (e.g. sim spoofing, though carriers are more aware of this now), it's just exponentially harder and requires a focused effort, which would generally be targeted. 

I don't want to come across as holier than thou, and I've certainly had many accounts compromised in the past as well, before I took security seriously and would naively click popups and visit sketchy sites, or before I started using things like authenticators and passwordless logins.

adrich said:

Wow, that's absolutely terrible. After 22 years of loyalty, eBay should have done way more to help you (not punish!). Getting hacked is stressful enough without being locked out and hit with business fees. Their response sounds cold and unfair. It really makes you question how eBay values its long-time users.

I don't expect OP will be back to confirm what happened, but if my assumptions are correct, it should be obvious why eBay sees that as a risk. OP doesn't even know how it happened. If eBay did allow him to continue trading, there's nothing to suggest the OP would not just update his eBay password to 'Password2', do the same with Virgin Mail, and then eventually every other site until there's another data breach and the same thing happens again.  Maybe they won't be so lucky to catch it before the £5k is disbursed.

It's easy for you to say eBay should just reinstate his account and pray for the best.

Think of it like this, you own a car rental site and a customer comes in to report that a car you were renting them was stolen off their driveway.

You're devastated but fortunately you have a tracker in the car so you report the location to the police and they fortunately catch the car and thief. The thief confesses that they saw the car driven and parked on the customers driveway every night, left unlocked with the key on the drivers seat, and they took the opportunity to steal it. The customer does this because it's more convenient than looking for the keys when they want to go for a drive.

Do you let the customer borrow another car? Or do you decide that the customers lack of regard to security poses too much of a risk to the business.

ballisticbrian

Has anyone pointed out two coincidental things occurred; if your eBay is changed to Business, it can never be transferred back to private again. If your eBay account is hacked and you report that to eBay, in nearly every case, the account will be closed, or not allowed to operate again.

GadgetGuru

OP - instead of being concerned about an eBay account, at this point I'd be glad I no longer owe eBay thousands!