Your eBay account has been suspended
" Hello brokeninfinity, We wanted to let you know that your eBay account has been permanently suspended because of activity that we believe was putting the eBay community at risk. We understand that this must be frustrating, but this decision was not made lightly and it’s important that we keep our marketplace safe for everyone. Learn more about how and why accounts can be suspended... "
I'm a long time, infrequent eBay user, mostly buy stuff, 331 stars, 100% feedback rating. Haven't used eBay recently, no idea what just happened. Maybe someone was trying to hack my account? The suspension email has no reply address. I tried contact eBay through their web chat, and they say 'Sorry Scott, live support's currently unavailable.'
I guess I'll stop using eBay now. The summary execution with no explanation and no escalation path and no appeal is not endearing. Count me added to the chorus of folks calling for regulations that will eliminate this sort of abusive behavior against consumers. We need some sort of 'due process' required of companies that operate above a certain scale. I mean, I shudder to think of the position I would be in right now if I depended on eBay for anything important. Thank goodness for me that I do not, but not everyone can say the same.
What do you think?
153 comments
[ 3.3 ms ] story [ 247 ms ] threadIf you want to know why people aren't adopting 2FA, it's because we know it's just a matter of time until the hole that attaches your Yubikey to your keyring wears away, your Yubikey disappears, and with customer service that amounts to "talk to the hand" at many sites, it's a digital death sentence.
My brother got kicked off Facebook a couple weeks ago because his account was hacked and they couldn't decide who was legit and who wasn't, so they just threw up their hands and shut down his account. It hurt because he used Facebook a lot.
I agree that 2FA doesn't solve the problem of companies deciding not to invest in good, considerate, human, security conscious, customer support. More technology isn't always the right answer, especially when it comes to questions of companies harming and then dehumanizing their customers because it's cheaper than doing than the right thing.
Companies need to at least clarify “what happens if I don’t have my key” also one time codes are a thing that need to be saved and can help mitigate a hardware failure.
The point of 2FA is "something you have"... if you lose it, you no longer have it. It's designed to lock you out if lost/stolen... otherwise, what would be the point?
As an aside, 2FA keys are not what most people use... they use cell phone numbers, time-based rolling-code authentication apps, email addresses, etc. It's your choice to use a physical key, even if it might technically be the most secure of the options.
Security is always a trade off with convenience.
GP seems to not understand the point of 2FA. If you can simply call up customer support and maneuver you way back into a locked account, then so can the "bad guys". Any information they have about you can be found by a determined attacker... hence, the "something you have" approach.
The alternative is for me to use TOTP and have the secrets printed out, lightly encrypted, and stored in a safe deposit box.
I don't think wear-and-tear is why people aren't adopting them. I have a yubikey from Mt Gox (yeah, the btc one) that I've just left on my keychain all this time. My keychain is not treated gently, and it's been through the washing machine more than once... yet the hole is fine, and plugging it in now, it still functions and delivers its gibberish after a touch. I don't know what the expected lifetime should be.
I can't really speak to other people, but I personally avoid adopting 2FA because 1) most of my passwords are strong 2) it's not true 2FA, instead of yubikey it's some shitty SMS system or more uselessly a TOTP system whose key I can add to a bash script that'll use oathtool and xdotool to enter it for me with a hot key press 3) it's some shitty app that requires my online smartphone 4) I worry about the opposite case where services are so forgiving to restoring access that even if you have a brain aneurysm and forget the password and your yubikey bursts into flames they'll still let you in after a phone call -- if my account access can be socially engineered that way anyway, I don't want the additional annoyance of dealing with 2FA.
So when I can I stick with small companies; when they get funded or taken over, I find an alternative. I manage small SaaS products myself and I definitely will never leave anyone hanging, not even for a few hours; many small companies have the same feeling.
Of course, often you cannot do anything else but take the large ones. Luckily with banking this changed over the past years, but plenty things are still utterly broken support (and because you need support, also software wise probably) wise.
The NPR Planet Money episode "Escheat Show" follows the story of a man who bought some Amazon stock long ago, and purposely never logged in to his online account, letting the stock multiply into a presumed small fortune. Years later he found that due to his inactivity the account had been deemed by his state (Connecticut?) as lost property years prior, liquidated, and entered into the state's escheat program, where one can claim lost property. The stock had been liquidated at a much lower price than its present worth. He wanted to sue since his intention was to leave the stock untouched for years but found there were some complications. He's currently waiting for the stock to hit a valuation where a great lawyer will be tempted to take it on contingency while still leaving himself a fortune.
[0] https://www.npr.org/2020/01/24/799345159/episode-967-escheat...
Ignorance of the law doesn’t make exempt from it.
I got a flurry of what looked to me like phishing emails 'from eBay' right before my account was suspended...they claimed to cancel my bids on a bunch of old, long over auctions, with the call to action asking me to click on link with a URL referencing a local DLL.
So yah, something fishy is going on, but I can't help eBay figure it out if they just disable my account and make themselves unreachable. Is this what ghosting feels like?
Are you talking about the urls that have "eBayISAPI.dll" in them? That's just how their urls are, not some sort of attempt to execute dlls on your computer.
Mercari is also a good platform to sell on.
Not exactly related but: a couple of weeks ago I suddenly had my account 'restricted' on eBay and told I could no longer sell or receive payment for anything I'd sold until I uploaded a load of personal ID documents [passport / driving licence, etc] to confirm my identity. This, after I'd been buying and selling on eBay for 19+ years. Browsing their 'community' forum, it became clear that eBay have done this to loads of people recently, including many who had been members even longer than me. What disgusted me even more than this obnoxious privacy invasion was the number of people on the forum who'd actually sent eBay all the required documentation instead of telling them to go fuck themselves.
Luckily I had no uncleared payments in my account. So I've just stopped using eBay. It's just a pity there's no viable alternative. Nothing like a bit of healthy competition to help rein in the jaw-dropping arrogance of these mega-corporations.
EDIT:
Agreed. I've had this happen to me before with Twitter as well. Got 3 accounts suddenly suspended for no reason. Boring long story but, after about 6 months they re-instated them with nothing more than a "Whoops! We made a mistake".What makes these 'summary executions' [I like that description!] infinitely more annoying is that there's no way to enter into any kind of a dialogue about it. If you receive an email from eBay, telling you you've been suspended, it'll come from a no-reply address and good luck actually finding any way to contact them through their website. It just sends you round and round in circles before eventually dumping you onto their 'Community' forum, which is basically just a load of other pissed off users, shouting into the void.
I know the old argument goes "Their playground. Their rules" and, in general, I agree with that. But, with these huge corporations which have a virtual monopoly on certain arenas of internet activity, there ought to be some safeguards in place to protect users against arbitrary [and often unfounded] account suspensions. This kind of thing could literally bankrupt someone's business, if they relied heavily on eBay sales.
But I have a fondness for out of print, obscure tabletop RPGs, and eBay is probably the only market I know of for that, outside of knowing a guy who knows a guy.
Losing access to eBay would be annoying. Not world-ending, because perspective. But annoying.
I don't use anything that I'm totally dependant on, so this hasn't been a problem for me (getting an account closed - might have happened with Facebook, maybe), but your post made me think of what I'd do with such a request:
First, I'd say something like "Well, since you're asking for *very* personal and confidential info, first I will need you to confirm *your* identity by you sending me [unredacted ID card|License|Passport] as well as proof of employment such as [Complete unredacted paystub|Complete unredacted employment contract] to ensure you really are who you say you are before proceeding".
To which they would invariably reply "Well we can't do that because it would violate the privacy of our employees (oh, the irony!), but rest assured we will keep the info you provide strictly confidential, blah blah blah".
At that point I'd fire back "Seriously?!??" along with samples of past leaks/privacy violations from that company, along with a blurb about how I can't talk about this request anymore since I'm now in the process of forwarding this to my local Attorney General (or "on the advice of my council"), etc.
Went to sell something last year, and they immediately wanted a pile of personal information and bank access that I'm simply not going to give them or anyone like them.
And that's how I stopped using Ebay after 20 years. Not like there aren't other places to sell things.
Lol, yeah, Amazon.
No other marketplace comes close to eBay and Amazon when it comes to the number of buyers you can reach.
But that's for "casual" sales, when you need to sell something fast and relatively painless. And/or sell something niche.
Endless captchas, randomly asking to login again, holding payments, asking for more and more user data, now demands ID card picture and social security number for selling, dropping PayPal... After 10 years without problems, getting really tired the past 6 months
Also, their financial model puts me off. They have no seller fees, but you have to buy seller membership [per week / month /year etc] to sell. Given the apparent lack of activity on the site and the chance that I'd get no buyer interest at all, that seems like a bit too much of a gamble to me.
[0] https://www.ebid.net/uk/
I deleted my eBay account after over a decade of use, when eBay switched from PayPal to managed payments (basically requiring social security number and bank account) -- I didn't trust eBay with my personal data after dealing with increasingly poor customer service.
We are talking accounts with 10 year positive reviews, selling trinkets, being treated like a 0 reputation account selling the latest iPhone
I’d had it since 1998.
AFAIK eBay doesn't support WebAuthn. I got a set of 3 Yubikeys some months ago (1 for my laptop, 1 for my workstation, 1 for backup in my fire safe) and I wanted to protect my eBay account using them, but eBay only offers me options to add SMS or eBay's mobile app as 2nd factors.
Also note that the option is not under "2 step verification" but a separate "Security key sign in" section lower down, because their implementation is not really 2FA, it's just an additional login method (email + security key) and it doesn't disable regular email + password login.
I managed to reach their customer support line and had the most arrogant agent I've ever had in my life. Like someone who genuinely felt like I was some kind of evil hacker, and actively got off on punishing me. It was disgusting.
FYI - I'm just some regular person who reads this website, and I honestly feel really weird actually being one of the people who posts replies. But reading this brought back such angry memories of that encounter that I felt compelled to actually create an account and share my experience.
In the end I switched to one of the much better app-based modern competitors that we have in the US (edit: it was Mercari) and never looked back. Too bad the rest of the world is still stuck on eBay.
You are not supposed to resell Apple products. You must treasure the precious. To resell can get you kicked out of the cult.
I agree with you that part of the anti-monopoly legislation updates that are needed for platform companies is mandated visibility of a way to contact a person to resolve issues, and fines for exceeding a response time (maybe 20 minutes). I'm a libertarian and normally oppose this kind of thing, but the obvious abuses from every big tech company are too big to ignore and are exactly the kind of thing where government regulation does make sense.
Yep.
> I agree with you that part of the anti-monopoly legislation updates that are needed for platform companies is mandated visibility of a way to contact a person to resolve issues, and fines for exceeding a response time
This would solve several problems that exist. What if legally-mandated customer support came to, say, 30% of Google's operating costs? What if it was 80%? It's not obvious that banning no-recourse decisions is an improvement to the world.
> (maybe 20 minutes)
Well, no, that's ridiculous. Legally mandated 20-minute response times means legally-mandated no-recourse decisions. Only the computer can respond quickly enough to comply.
If this is what you want, then you'll need to escalate your problem to regulatory authorities, even if doing so only means they become aware of the problem. I've posted links to forms that you can use to report issues like this to state-level and federal-level regulators here[1].
[1] https://news.ycombinator.com/item?id=28176193
The first link led me to the State of California Department of Consumer Affairs. I filled out the form to file a complaint and got an error: "The requested URL was rejected. Please consult with your administrator. Your support ID is: 18093870959457122962". LOL it's dead ends all around. No one wants to hear from plebs.
I'm not giving up though. I'll go through your links and I'll figure out how to get through to someone. Might have to write a physical letter. :)
It's an automated system. Customer support will say the equivalent of "it's a secret" why you were banned. Yeah right it's some dumb batch job.
Save yourself feeling abused. Don't bother trying to fix it. Waited 6 months and created a new account.
Another time I sold an item and shipped it. The froze my account. Same "it's a secret" bs. What did work for me was contacting the Better Business Bureau. That got me answers, months later. It was because I shipped the item before the Paypal payment had cleared.
eBay is a shitty company. To the extent this is the future of software, we a f-ed as we get older. These systems are going to chew us up and spit us out.
It’s almost as if they’ve given up on their whole mission of being a safe and reliable place to buy and sell goods online. After all, who actually wants to pay for moderators? Not them, clearly.
1) Inactive or low activity account starts selling (instead of buying) high value / high risk items. Think GPU's, Macbooks, etc.
2) An old account has activity (including someone trying passwords from various breaches some of which might match an old salt). Because old account takeover and then fraudulent sales is a pretty big issue (old accounts often have 100% positive ratings) this seems to trigger the bots.
3) Accounts without KYC - normally you are asked to update.
I'm not sure how old accounts have to be to have problems. I'm from early 1999 which was three or four years after I think they got going.
The fraud problem was getting pretty ridiculous on ebay so kind of glad they are cracking down but it's got to be a pretty imperfect hammer and so no doubt lots of false positives.
I've gone to selling my old iphones / ipads etc back through apple. No where near the price you get elsewhere, but no hassle either from my experience.
https://bam.kalzumeus.com/archive/the-fraud-supply-chain/
I bought a heating element for my dishwasher on eBay. I received a non-genuine part, took photos, and requested a return. Next thing I know my 15-year-old account is banned. Maybe the seller reported me in retaliation? eBay's "support" AI sure isn't interested in telling me what happened.
I hate this world we've created, where you can get banned from services at random with no recourse and locked out for life by an AI. The same thing happened to my Discord account a few months ago too :(
It almost makes me want to start a meme Twitter account and build up a big follower count. That's apparently the only way to reach a human in customer support at a big tech company these days.