New one on Me
Thread Starter
Join Date: Oct 2000
Location: Sunny Sussex
Posts: 778
Likes: 0
Received 0 Likes
on
0 Posts
New one on Me
I got an email from Ebay this morning (and it was from Ebay), confirming my request to reset my password. I haven't done that, so it looks as if someone has tried to get into my account. Helpfully, Ebay provided the originating IP address: 62.232.41.217, which sure isn't mine.
Obviously I've ignored the request, however, I'm now left wondering how secure my Ebay account is. Obviously I have a username & a password & whilst changing my password is easy enough, a complete change of details would wipe my history & therefore my reputation as a buyer & seller. Presumably, one would have to have only my username to request a password reset & that is the basis of the attack, but could they somehow garner my details after that attempt??
Obviously I've ignored the request, however, I'm now left wondering how secure my Ebay account is. Obviously I have a username & a password & whilst changing my password is easy enough, a complete change of details would wipe my history & therefore my reputation as a buyer & seller. Presumably, one would have to have only my username to request a password reset & that is the basis of the attack, but could they somehow garner my details after that attempt??
More bang for your buck
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Likes: 0
Received 0 Likes
on
0 Posts
I take it you can still access your e-bay account? If so then the attempt failed. Might be a good time to beef up the password a bit.
More bang for your buck
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Likes: 0
Received 0 Likes
on
0 Posts
info on that IP address
inetnum: 62.232.41.128 - 62.232.41.255
netname: UK-PIPEX-NETVISION-1
descr: Netvision-1
country: GB
admin-c: GC2114-RIPE
tech-c: HM655-RIPE
status: ASSIGNED PA
mnt-by: AS5519-MNT
mnt-lower: AS5519-MNT
mnt-routes: AS5519-MNT
source: RIPE Filtered
role: Hostmaster Contact
address: PIPEX Communications
address: The Hinshelwood Building
address: Edmund Halley Road
address: Oxford Science Park
address: Oxford
address: OX4 4GB
address: United Kingdom
phone: 44 870 909 8181
fax-no: 44 1865 778 160
inetnum: 62.232.41.128 - 62.232.41.255
netname: UK-PIPEX-NETVISION-1
descr: Netvision-1
country: GB
admin-c: GC2114-RIPE
tech-c: HM655-RIPE
status: ASSIGNED PA
mnt-by: AS5519-MNT
mnt-lower: AS5519-MNT
mnt-routes: AS5519-MNT
source: RIPE Filtered
role: Hostmaster Contact
address: PIPEX Communications
address: The Hinshelwood Building
address: Edmund Halley Road
address: Oxford Science Park
address: Oxford
address: OX4 4GB
address: United Kingdom
phone: 44 870 909 8181
fax-no: 44 1865 778 160
Join Date: Oct 2006
Location: EGBJ Gloucester
Age: 40
Posts: 103
Likes: 0
Received 0 Likes
on
0 Posts
The premise behind the emailing is that only the person who has access to the inbox of the email address associated with that account can view the newly reset password.
Anyone can go to the site and click on the "I've forgotten the password for my account named XYZ, please email me a new one".
Complaining to the ISP won't help as there's little likelihood of abuse here. I frequently get password change requests for a different site because my username is 'Rob'. People forget their username, try logging in as 'Rob' with their password and it doesn't work, so they request a password reset.
So you should be safe. That said however, it would be a good idea to make the password a safe and secure one.
Anyone can go to the site and click on the "I've forgotten the password for my account named XYZ, please email me a new one".
Complaining to the ISP won't help as there's little likelihood of abuse here. I frequently get password change requests for a different site because my username is 'Rob'. People forget their username, try logging in as 'Rob' with their password and it doesn't work, so they request a password reset.
So you should be safe. That said however, it would be a good idea to make the password a safe and secure one.
Thread Starter
Join Date: Oct 2000
Location: Sunny Sussex
Posts: 778
Likes: 0
Received 0 Likes
on
0 Posts
I too could not see how the benefit of attempting to reset my password could accrue to a third party, hence the question. I have reported it however, since it is highly unlikely that someone would asccidentally attempt to log on s me & the go on to reset my password, so if it results in a crafty sod getting an email that says WE SEE YA, then so much the better.
More bang for your buck
Join Date: Nov 2005
Location: land of the clanger
Age: 82
Posts: 3,512
Likes: 0
Received 0 Likes
on
0 Posts
How do you go about getting that info from an IP address?