Verification Errors & Banned Accounts - What's Up With eBay Security?
Back in December eBay had what many presumed was an automated bots gone wild situation with a massive wave of accounts being permanently suspended from the platform that inadvertently took down many legitimate accounts.
Liz Morton
It's not uncommon to see these complaints about being banned after creating an account, but they do seem to come in waves and I'm definitely seeing more reports cropping up in the last week or so, along with reports of receiving errors when trying to complete eBay's verification process.
Hey @eBay I’m trying to verify my seller account. Last used in 2021 or 2020. Anyway, I can’t get any further than this pictured. Been trying for 2 hours now - any help gratefully accepted else I’ll be using Vinted or someone else. pic.twitter.com/u35OjFcpXH
— Steve (@MonkeyTennis14) February 18, 2022
Hi Reshma - I’ve got through to a person on the call back option on customer service. Filled in a questionnaire about my acct (might be down to me not using seller acct in 2 years). But nowt else. Bored of it now.
— Steve (@MonkeyTennis14) February 18, 2022
@AskeBay Hello, I am having problems with verification page while accessing everything on the site
— Michael (@MAV530) February 17, 2022
I'm a 20 year user of @eBay. Just signed my UK company up for a business account and... got an insta-ban for "behaviour posing a risk to the community". Never made a single buy, nothing to sell. Support unsupportive. Clearly algorithm-overreach. Whats that all about? @AskeBay pic.twitter.com/0WABJmGMyt
— Martin Duncanson (@MartinDuncanson) February 15, 2022
I haven't used @eBay much, but when asked by my employer to buy some backordered network cards, I somehow got my account permanently suspended?!?! 🤷♂️
— TJ Anthony (@mrt300) February 18, 2022
Trying to buy $10K of gear, was working on a counter offer with the seller.
Chat with @eBay support got same blurb as below. pic.twitter.com/xgFtkTf3Lo
Russell Blackstock
For almost 20 years, Nicola Morrison had enjoyed buying and selling small items on her favourite online marketplace.
But she was stunned when, out the blue, she received an email from eBay saying that her account had been suspended after it was deemed a “risk to the community”...
...Nicola was further dismayed when she was told that there was no way to appeal against the suspension.
It's also interesting to note several recent observed changes or explicit updates that may be related to account security on eBay.
Back in December, I noted the explicit inclusion of port scanning technology (used to detect if a user on eBay is logged in via a remote desktop session) in eBay's Privacy Policy update (emphasis mine).
Prevention, detection, mitigation and investigation of fraud, security breaches and other prohibited or unlawful activities, including the assessment of corresponding risks (e.g. through the use of captchas, a port enumeration technology to identify user sessions using remote desktop tools or the telephone number stored in your eBay account for risk assessments and two-factor authentication), unless there is a statutory obligation to this effect.
Liz Morton
In the recent User Agreement update, eBay explicitly states users must agree to not share their log in credentials with any third parties, the first time I can remember eBay calling out Multi-User Account Access specifically as a security feature.
In connection with using or accessing our Services you agree to comply with this User Agreement, our policies, our terms, and all applicable laws, rules, and regulations, and you will not:...
...share your log in credentials with any third parties. If you require that authorized third parties (employees, agents, etc) have access to your account we offer a Multi-User Account Access program for that purpose.
Liz Morton
And Twitter user, FidoMaster shared what appears to be eBay testing out a new session timeout feature which would require uses to log in again after a period of inactivity - a security feature that was rightly applauded.
eBay has apparently rolled-out a new-to-us session time-out #CyberSecurity feature (often seen on financial sites)
— FidoMaster🐕 (@unsuckEBAY) February 14, 2022
If so, we applaud this move by eBay👍
👉https://t.co/A2CiQA4M5h$EBAY #CyberAttack #infosec pic.twitter.com/tW9Gybpow6
While some of these security measures my lead to friction or annoyance for legitimate users, it's encouraging to see that someone at eBay at least seems to be waking up to the account takeover fraud that appears to be happening on the site.
I reported over 150 suspected hijacked accounts engaging in triangulation fraud to eBay back on 2020.
Liz Morton
Multiple times a week, users identify and report compromised accounts being used to create thousands of fraudulent listings for cars as well as high end Rolex watches, trading cards, and more!
Liz Morton
Peter Craig
Once again doing @AskeBay @eBay work for them. Another hacked account with listings that aren’t their own. Be better ebay. Be better. 🤦♂️ #pathetic pic.twitter.com/BFbnxyz3uz
— PSA10Collectibles (@Psa10Collector) February 12, 2022
We’re so pleased to announce that this week’s run of compromised accounts being used for phishing continues on @AskeBay.
— eBay classic car scams (@eBay_antiscam) February 17, 2022
Why can’t eBay detect the same brown Audi? This is embarrassing, surely? pic.twitter.com/lSzBEB16AM
If eBay really is starting to take steps to address account security issues on the platform, I'm all for it. However, they're going to have to do a whole lot better than the broken verification links and AI powered dragnets that appear to be catching a lot of legitimate accounts in the crossfire with no clear way to appeal and recover banned accounts.
