Tuesday, October 26, 2010

Old accounts haunt you...

Last night I had a police officer from the Santa Clara County Sheriff's office come by my house at 11:00pm. It led to an extremely long night. Some 12 years ago, I abandoned an e-mail address which made it impossible for me to use my old ebay account, since I had forgotten the user name and password. The officer showed up with printouts of auctions of some very expensive antiques being sold under my name on ebay, on that old account. It had been hacked! Surprisingly enough, the thief had not thought to change the password on the account, though he had changed the e-mail address to point to him.

I logged into the account by guessing my own password from 12 years ago and together with the officer we worked through what had been happening. The perpetrator would auction off imaginary goods by stealing pictures from other ebay auctions, and then tell the user that his paypal account was hacked, so he could only take payment by wire transfer. (Yes, we wrote down all the details behind the information he provided: the perpetrator did not go in and delete all the correspondence between him and the victims, so we had a full e-mail trail on the ebay account)

I then spent 3 hours with ebay's customer service deleting existing auctions and closing out the account. I hope this was enough to catch the bad guys. At the very least, those bank accounts that got wire transferred into will be frozen. Just goes to show, even if you've abandoned an old account, it can still come back and haunt you years later. I've gone and changed all my passwords now as a result of this, and while that's a pain, it's better than having a knock on your door around midnight by the police.
Post a Comment