Wow, oh, wow.
I don’t check my personal email more than once a day, and only usually check it at lunch time or in the evening.
So, I was just checking my email an hour ago, and i saw an email from 6:30am, from eBay indicating I had just changed my eBay email address to something new – not indicating what the new email address is, but did indicate the ip address of the request – the ip address was owned by frontier.net in Pomona, CA – not sure if that’s frontier’s business location, or the physical location of the computer that made the change. It also said an email was sent to the new email address, with instructions on how to complete the change.
I checked the sender’s email address and confirmed it was sent from eBay. The email also had instructions on what to do if I did not request this change, pointing me to a ebay URL. I went to that link (ensuring it was indeed a true eBay url), read the “what to do” instructions, and did everything it told me to do.
Then went to eBay, manually typing in the URL, and signed onto the website. Went to “My accounts/settings”, verified certain info that this indeed was my account (with correct phone nbr, street address, etc.) and also confirmed that my email address did in fact contain a new email address that I was unfamiliar with. For security reasons, they do not show you the entire email address, but the suffix of “@hotmail.com” caught my eye since I’ve not used a Hotmail account in more than 16 years.
So, I immediately changed my password to this account (as suggested by eBay), which then logged me out, and required me to re-log back in again. I then went back to settings, and requested my email address to be changed from the “new” hotmail address to my real personal email address.
They then sent me a second email to this address, this time it was the email address change confirmation process instructions, instead of a notification indicating my email address was being changed (I would guess that that email would have been sent to the hotmail address). So, I then went through the confirmation process to ack that my (second) new address is the proper one.
So, I’m back to my original email address, and now have a stronger password for this site, and, they also indicated I should probably change my password to PayPal as well, and not to use the same PW between the two sites. Did that as well.
Scary business.
I’m guessing some site I have an account on got breached – either recently or not so recently, and this morning someone tried to then access my eBay account, and changed my email address. The perplexing thing is, why didn’t they change the PW at the same time?
It looks like I’m going to have to go through my list of web site accounts tonight, and see which ones are using the same userid/pw combo as the pair I use on eBay, and start making PW changes.
Again, scary business. Glad eBay contacted me regarding the email address change. Glad whomever did the email addr change did not respond in a timely manner to the new email address confirmation mailing.
