Analyzing the obsure Ebay hack

Akshata Lolayekar
4 min readMay 13, 2021


Did you know? Ebay makes up over 6% of the 50,000+ fake login pages over the Internet!

Photo by on Unsplash

This is what happened in early February’20 from the POV of a seller on Ebay “I called your customer service. My account was hacked. Your specialist told me he had never seen anything like what had happened to my account before. I actually had to tell him what I thought was going on, then he checked into it for me. These hackers went in my account and changed my business policies. Each time someone checked out, my money went into a different email. He couldn’t help me fix it. I had to end 78 listings..”

This attack was never documented or responded for, for it wasn’t similar to any other large scale attack. Multiple users found and reported suspicious activity on their accounts, though no one till date knows if it was a breach on Ebay’s side or if it was the user’s fault.

All of that is to say, while it is possible that the compromise could be linked to a lapse in security on your side, there is a bigger picture in play here that suggests bad actors may have discovered a new, very reliable way to gain unauthorized access to a large amount of eBay accounts. With all of the research I have done, and with reading a variety of reports here in the community and across social media about accounts being compromised and used for fraud, I am fairly confident in saying there is something going on that is beyond your typical phishing email scam.” one of the community members claimed. Many others believe that multiple reports around the same time is anything but a co-incidence.

Account hacking is definitely not new, but what made this case noteworthy is how the accounts were hacked conveniently during the Covid-19 times. The customer service was unavailable and this created the perfect scenario for the hack to take place. Numerous users were found posting on forums, having discussions and no support whatsoever was seen from Ebay.

During a crisis, people are on edge. They are on the lookout for any available information/direction from the employers, government, and other relevant authorities. An email that appears to be from one of these entities and promises new information will most likely gain the user’s trust. An impulsive click later, the victim’s device is now infected.

Coming to an obviously incorrect question.

Is Covid-19 to blame?

Cybercriminals prey on social vulnerabilities, and COVID-19 is no exception. Cindy Murphy says and I quote “People haven’t become more trustful in the past six months; they’ve become used to big changes in small messages. Right now, it’s much easier to believe information that appears right in your inbox.”

What can we do here?

Just like coming in contact with a person infected with Covid 19 increases the possibility of you getting infected, your digital business presence is directly proportional to the chances of cyber attackers targeting your business. Businesses and individuals need to realize this. One way to approach this issue is to contact cybersecurity firms to assess your data security level to test and fix the vulnerabilities.

What could have Ebay done?

The most surprising element here was that Ebay did not own up to the hack even though a decent number of users were affected by it. Account hacking today is as frequent as any other low level attack and big corporations do not prioritize it over others.

But many still feel that a little online support from the company would’ve gone miles in helping the clueless customers secure their accounts.

Here are few points to follow:

  1. Many breaches boil down to someone leaving out-of-date software running. Most major computer companies issue regular updates to protect against newly emerging vulnerabilities
  2. Keep your software and operating systems updated. To make it easy, turn on automatic updates when possible
  3. Use strong, unique passwords
  4. Whenever you have the option, enable multi-factor authentication, particularly for crucial log-ins like bank and credit card accounts
  5. Encrypt the data that’s stored on your smartphone and computer.
  6. Be careful using public Wi-Fi

Other than the above points, the most we can do in such situations is be well informed

No person, organization or computer can ever be 100% secure. Someone with the patience, money and skill can break into even the most protected systems. But by taking these steps, you can make it less likely that you’ll be a victim, and in the process help raise the overall level of cyber hygiene in your communities, making everyone safer both online and off.



Akshata Lolayekar

I read science & history books in my free time. I also like food, fashion, travel & photography