eBay Security Flaws or How am I supposed to have bought 28 objects in 3 minutes on eBay France, US and Italy!

Sept. 17th, 2006 21:37 by Stéphane de Luca, updated on Sept. 18th, 2006 22:45

Wow... last Saturday I was surprised to receive no less than 28 email notifications about the 28 objects I had won!
What? I didn't buy anything. Nor had I even logged in to eBay for months...
I did not realize at once. I opened one mail from eBay France (in French), and read the following:
"Congratulations! You have agreed to buy the following item:

Then one from ebay.com:
"Dear stephanedeluca,
You are the winning buyer for the item below. Thank you for your business!
Item title: $250,000 - $500,000 first year income from home based
Web address: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=160030424301

Finally, one in Spanish:
"Dear stephanedeluca,
We hope you enjoy your purchase. Payment has been received for the following

Web address: http://cgi.ebay.es/ws/eBayISAPI.dll?ViewItem&item=150029238219
Item number: 150029238219
Buyer's username: stephanedeluca
Seller's username: tizeforever
Total amount: 0,01 EUR

Thank you very much. We appreciate your doing business on eBay."

I first thought of a phishing attempt: I read the IP from the email header and ran a WHOIS lookup, which showed that this IP actually belongs to eBay.
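Added example (not part of the original post): a sketch of the header check described above, picking out the one IP worth a WHOIS lookup. Only the `Received` line written by your own mail server is trustworthy, since everything below it comes from the sending side and can be forged. The function name `handoff_ip`, the parameter `my_mx_domain`, and every host and address in the sample are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample message: all hosts and addresses are made up
# (documentation ranges), not taken from the post.
SAMPLE = """\
Received: from mx.sender.example (mx.sender.example [203.0.113.25])
\tby mail.recipient.example with ESMTP id abc123
\tfor <user@recipient.example>; Sat, 16 Sep 2006 10:00:02 +0200
Received: from web01.internal (unknown [10.1.2.3])
\tby mx.sender.example with SMTP; Sat, 16 Sep 2006 10:00:01 +0200
Received: from forged.example ([198.51.100.7])
\tby nowhere.example; Sat, 16 Sep 2006 09:00:00 +0200
From: notifications@sender.example
To: user@recipient.example
Subject: You are the winning buyer

(body)
"""

BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

def handoff_ip(raw_message, my_mx_domain):
    """Return the peer IP recorded by our own mail server, or None.

    Each hop prepends its Received header, so scanning from the top, the
    first header whose 'by' host is ours was written by a server we trust.
    """
    msg = email.message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        text = " ".join(header.split())  # unfold continuation lines
        by = BY_HOST.search(text)
        if not by:
            continue
        host = by.group(1).lower().rstrip(".")
        if host != my_mx_domain and not host.endswith("." + my_mx_domain):
            continue  # written by someone else's server: not trusted
        for candidate in BRACKETED_IP.findall(text[:by.start()]):
            try:
                return str(ipaddress.ip_address(candidate))
            except ValueError:
                continue  # bracketed text that is not an IP address
        return None  # our hop recorded no peer address
    return None

if __name__ == "__main__":
    print(handoff_ip(SAMPLE, "recipient.example"))  # the IP to look up in WHOIS
```

A WHOIS match on that address only shows the notification came from the service's own mail servers; as the rest of the post shows, it says nothing about who was logged in to the account.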

So it is probably someone who has stolen my account! I immediately sent a mail about all this through the eBay security form. Due to the lack of confidence I now have in eBay's security system, I asked for my account to be closed immediately.

Today, reading my emails, I have received many emails about the cancellation of the supposed bids I had placed, as follows:
Dear eBay member,
The bid you placed on item (300026878421) has been cancelled. You can view the reasons for the cancellation by clicking the Bid History link on the item page.


But what really irritated me was the mail about my account suspension, as follows:
Dear stephanedeluca (stephane@deluca.biz),

We regret to inform you that your eBay account has been suspended due to concerns we have for the safety and integrity of the eBay community.

"Abusing eBay" of the eBay User Agreement states, in part:

"...we may limit, suspend, or terminate our service and user accounts, prohibit access to our website, remove hosted content, and take technical and legal steps to keep users off the Site if we think that they are creating problems, possible legal liabilities, or acting inconsistently with the letter or spirit of our policies."

Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the registering of a new account.

Please note that any seller fees due to eBay will immediately become due and payable. eBay will charge any amounts you have not previously disputed to the billing method currently on file.


Safeharbor Department
eBay, Inc.

Shocking, isn't it? I immediately replied and asked for a letter of apology. I will keep you posted and tell you about the follow-up.

Are you using eBay? Have you experienced such a situation? Tell me...