Interesting article in auctionbytes today.

eBay sellers sometimes share passwords with employees, which may add to the vulnerability of their accounts. The survey questioned respondents on practices regarding password-sharing.

When asked how many people had access to their eBay password, 64% of respondents said only they had access. 27% said members of their household have access to one or more of their eBay passwords. 10% said trusted employees have access to one or more of their eBay passwords, and 1% said friends and/or colleagues have access to one or more of their eBay passwords.

Clearly, this shows the real possibility that ebay employeees could be able to hijack accounts, send spamphish and so on.

Look at the article, OVER TWENTY PERCENT of the respondants reported their accounts had been hijacked. That is a truly dismal stat.

In my experience, the ONLY addys I ever got phishing mails in were the ones that I had registered with ebay and/or PayPal, even though I never shared PWs with anyone. Those addys looked like passwords themselves, so a dictionary attack method of getting thew addys is not plausible. But EACH and EVERY time I had a paypal transaction, I got phish attempts within an hour or so. IMO, either somehow PayPal/sleazebay or someone on the inside is doing it, or some crackers have tapped directly into the system somehow. No other explanations are believable or reasonable.

Most recently, only one, my posting ID (curiously enough) has been flooded with what I am sure are phish. I never ever open any email purported to be from sleazebay/PainPal anymore, it is asking for trouble.

-- Edited by anonymous at 16:28, 2006-09-19