Results 1 to 1 of 1
February 17th, 2003, 04:36 AM #1
- Join Date
- January 18th, 2005
Not specifically related to CJ, but a seemingly GLARING security problem. Here's a transcript of a "help" session I just had with Ebay's live support (really no help at all actually):
Thank you! Your request has been sent. All requests are handled in the order received. Your wait time will be approximately 0 minute(s) and 9 seconds. Thank you for waiting.
You are now chatting with 'Vaughn'
Vaughn: Hi, my name is Vaughn, thanks for using Live Chat!
Vaughn: How can I help you?
dansdisques: I just got an email from someone who has bought from me in the past, saying that when they click on their "My Ebay" link, they wind up looking at *MY* account page. WTF? 2 days ago I noticed similar flukey behavior: when I went to "My Ebay" the "eBay User ID" field was filled out with someone else's email address. I cleared all cookies, cleared the cache, rebooted, and tried again. Same thing, but a diffrent person's email address. Looks to me like however Ebay is doing session tracking is all [CENSORED] up, and quite frankly I don't like the idea that anyone can randomly be plunked into full access on my account.
Vaughn: I understand your concern....
Vaughn: Just a moment...
Vaughn: Thank you for reporting the errors you encountered while signing in to My eBay. We have had a few reports from members that are signing in and being redirected to another member's My eBay. We are currently investigating the possible causes of this error and will work to resolve it as quickly as possible.
Vaughn: We sincerely apologize for this inconvenience and thank you for your patience while we work to bring this feature back to normal working order.
dansdisques: Nice canned response, but what's to keep someone else from changing my password, details, etc.?
Vaughn: Normally they would still need to know your password to be able to do that.
Vaughn: On you own computer while signed into your account, if you step away for a moment and come back you need to re-enter your password when trying to make certain changes.
dansdisques: Well, normally you can't get into someone's "My EBay" account and view ongoing auctions, etc. without knowing their account, but apparently they can. How do I know they can't make changes either?
Vaughn: If anything did happen to your account, you will want to contact us as soon as possible so we can fix the problem. I'll get you a screen you may want to save incase you need it.
Vaughn: This is because of a glitch in the system. They go there by mistake not knowing how they got there...
Vaughn: We are working as fast as we can to get this fixed!
Vaughn: I'll get you that form in case you need it.
Vaughn: The Support webform is located at: http://pages.ebay.com/help/basics/select-support.html
Vaughn: The Trust and Safety webform is located at: http://pages.ebay.com/help/basics/select-RS.html
Vaughn: Those are the two main forms we use in case you need to contact us.
dansdisques: Ok, hopefully nothing comes of this, but this is extremely disconcerting from a security/trust standpoint...
Vaughn: Hopefully we can get this fixed before anything happens.
Vaughn: I understand, this is the first time I have seen this so it may not happen again.
dansdisques: Ok, thanks.
Vaughn: No problem...
By keenedge in forum Commission Junction - CJReplies: 9Last Post: November 19th, 2006, 02:36 PM
By PolkSDA in forum Commission Junction - CJReplies: 4Last Post: September 6th, 2005, 09:50 PM
By PolkSDA in forum Commission Junction - CJReplies: 32Last Post: February 24th, 2005, 04:48 PM