

Title: Ebay Warning
Description: A cautionary tale


Damian - March 20, 2008 05:05 PM (GMT)
I should probably tell you the story of my day. I'm not very well and haven't been for over a week. And I had enough other things to contend with of late but I wasn't quite ready for this.

Something I've been meaning to do for ages is to clear out stuff I have no room for in my flat - things I get given when I do street teaming (and hence don't reflect my music taste), old singles I don't play, and a few things my friend Teresa wanted me to sell for her. Plus a couple of things I thought might genuinely fetch a few quid. After much work I listed 107 items last week and they had about four days to go when the following happened:

This morning at work, I logged in to check how the auctions were doing and was told my password was incorrect. Tried it again, same story. So I attempted to reset it and my details were sent to my Hotmail account. So then I logged into my Hotmail account and was told my password was incorrect. Twice. That was pretty much alarm bell time.

I was still logged into my eBay account from the previous day (although a password was needed to do anything much) and could see from the intro screen that I was now selling lots of laptops on a one-day auction. I had heard about this before - people steal details of someone with good feedback so that people will bid with confidence, then they take the money and run. What I didn't know was how they did it as I never respond to phishing e-mail scams, and always visit the sites directly rather than following links. And I still don't. I now know how my e-mail address was obtained so I can at least warn people on that. If someone contacts you asking if you'll ship an item to another country, make sure you tick the "hide my e-mail address" option. The country in question was Malaysia, and the security question that my Hotmail account had on it was in distinctly non-English lettering. What I still can't fathom is how they got the Hotmail password, and this worries me, which is the main reason I'm sharing this with you. Perhaps somebody has an idea.

Anyhow, from that, they contacted eBay to get my password reset, providing my e-mail address and put the listings on. If this ever happens to you, while their normal customer service is quite slow they have a "live chat" function for when you've been defrauded, where one-on-one they ask you some questions then unlock your account, change the e-mail address you log in with and remove the fraudulent auctions. Genius. This is something well worth knowing about.

Which leaves the Hotmail issue. I've filled in a long form they provide, where I give as many details as I can about what I can remember - folders, recent e-mails, people on contact list, people on MSN Messenger list and so forth. Now waiting to see if they'll be able to get me back in. And on top of that I've had to go to just about every commerce site/message board I can remember using and change my e-mail address details.

All good fun. I guess this is a cautionary tale... but it's also me wanting to know whether anyone can think of another way they might have got my Hotmail password? I've never told it to anyone, and I'm pretty web-savvy, so... the mind boggles.

PS. If anyone wants to make me feel a bit better, buy something:

http://search.ebay.co.uk/_W0QQsassZcaptain...1QQfsooZ1QQrdZ0

:)

Alex H - March 20, 2008 08:22 PM (GMT)
I'm sorry to hear about this... It's possible to put a device between a keyboard and PC that tracks keystrokes (have you used any computers other than your own?) and some spyware and viruses can do the same (or just get the data you enter into forms). There are random algorithms that can figure out passwords so that's a possibility also; some probably use dictionaries of common words and replace certain letters with numbers e.g. 'a' with '4'. It's possible staff at some companies have access to user details (including passwords) so it's advisable to use a different password for every site where it's possible to make financial transactions...

That's the most of my knowledge on the matter.

Philonski - March 21, 2008 10:37 AM (GMT)
Oh dear! That's horrible. I guess the horriblest thing about it is the feeling that it probably wasn't just a bot or something automated, it feels like a human has sat there and linked things up and knows your name and has decided to defraud you personally.

I have got a bit lax with passwords recently, so I'm going to take this as a warning to go and change them all asap.

psycho_phil - March 21, 2008 01:41 PM (GMT)
Not good at all! No idea how it's done, but I'm scared.

Philonski - March 21, 2008 03:07 PM (GMT)
Phil - I've been wondering this for ages and I finally have to ask... what is going on in your photo? Are you dancing with someone short? Are you having your face licked by a dog? Are you trying on a false beard?

Damian - March 21, 2008 04:51 PM (GMT)
I now have everything back - I didn't think I'd be able to retrieve my Hotmail. Make sure with your Hotmail you know the details of a few people in your address book, a few MSN Messenger contact names, some of the folders you have, some of the recent e-mails... they ask you lots of things like that.

Once I logged into Hotmail, the challenge was working out where the "change language" option was, given that everything was in Malaysian!

Next thing is to work out how they got it all. I'll share that once I suss it!

By the way, my new eBay and Hotmail passwords are... ooops, nearly did it again.

Stuart Brackpool - March 22, 2008 06:27 PM (GMT)
Wow, that's worrying stuff. Such an invasion of personal space. I think we all try to be as cautious as we can but it never does any harm to be reminded that vigilance can soon give way to complacency. Must be careful.

Sorry about all that, Damian, sounds a horrible business. What happened to your ebay feedback ratings? Have the illegal ones been removed?

Damian - March 22, 2008 11:00 PM (GMT)
QUOTE (Stuart Brackpool @ Mar 22 2008, 07:27 PM)
Wow, that's worrying stuff. Such an invasion of personal space. I think we all try to be as cautious as we can but it never does any harm to be reminded that vigilance can soon give way to complacency. Must be careful.

Sorry about all that, Damian, sounds a horrible business. What happened to your ebay feedback ratings? Have the illegal ones been removed?

The illegal listings have gone and I've got my eBay account back and Hotmail as well. So all's well on that front.

Just a pity that I watched a violent dispute outside my friend Teresa's window tonight which ended in one of them smashing one of my car wing mirrors in a fit of temper. I think I'm using up all my bad luck in 2008 so that I can live a trouble free rest-of-life. :)

Damian - March 22, 2008 11:22 PM (GMT)
A couple more things before I forget:

The keystroke recording program is something I had thought about. That night I had used my parents' PC, on which the virus protection is fully up-to-date. Other than that I use my work laptop at work (obviously) and at home. At home I have a wireless network, but for the security settings I had help from a friend that deals with secure networks for a living. The person who stole my Hotmail changed the language to something with non-English characters. Someone else had to log into Hotmail so I could work out where the options were so that I could then log in and just click in the right places. And my home address was left unchanged except the home country was changed to ... Jordan.

The other thing is that eBay confirmed a request was made from my Hotmail address to get everything reset. The incursion definitely happened initially through Hotmail rather than eBay. Funnily enough, many of my passwords were the same thing that if you knew me it MIGHT have been possible to make an educated guess on (they're not anymore), but the Hotmail one wasn't.

Damian - March 23, 2008 08:29 PM (GMT)
One final thing: I spoke late last night to the aforementioned network/computer expert friend of mine. There was a kind of "Damo, Damo, how could you not know" friendly tut, then he sent me this link:

http://en.wikipedia.org/wiki/Dictionary_attack

It's all very tech-speak but the gist of it is - use passwords that aren't just a word, or even a couple of words, or a word and a number. The best thing you can do is to invent completely 'out there' passwords with letters, numbers and symbols that you'll probably need to write down (somewhere secure) unless your memory is very very good...

I've bleated on a lot now but I'm kind of hoping I can pass on something that'll stop it happening to someone else...
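
The advice above (avoid a word, a couple of words, or a word and a number), together with the letter-for-number swaps mentioned earlier in the thread, can be checked mechanically when choosing a new password. The following Python check is an added example, not part of the original posts; the tiny wordlist, the substitution table and the `weakness` function name are constructed for illustration.

```python
import re

# Constructed sample wordlist (assumption). A real check would load a large
# list of common words, names and previously leaked passwords.
WORDLIST = {"password", "silver", "sun", "monkey", "dragon", "letmein", "football"}

# Reverse the usual character swaps ('a' -> '4' and friends) back to letters.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})


def weakness(password, words=WORDLIST):
    """Return why a password falls to simple dictionary rules, or None.

    None only means these rules did not match; it is not a strength rating.
    """
    p = password.lower()
    # "Word and a number": drop digits/symbols stuck on the front or the end.
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", p)
    for form in {core, core.translate(LEET)}:
        if form in words:
            if form == p:
                return "dictionary word"
            return "dictionary word with digits/substitutions"
        # "A couple of words": try every split point.
        for i in range(1, len(form)):
            if form[:i] in words and form[i:] in words:
                return "two dictionary words"
    return None


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ["password", "P4ssw0rd1", "silversun", "Monkey99", "q7#Vz!m2Lx"]:
        print(f"{candidate!r}: {weakness(candidate) or 'not matched by these rules'}")
```
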

Philonski - March 24, 2008 12:05 AM (GMT)
One easy way to come up with unwordy passwords that you don't need to write down is to come up with an acronym based on something you're familiar with, e.g. a memorable line from a song/book/film. If you need lots of different passwords, think of a song/book/film that includes a key word from the name of the website, so when you're staring at the login screen wondering what you chose, it'll be obvious. E.g. if you're a regular customer of www.howsyourfather.com (I haven't looked to see what that is), then you could choose the password tissftratp (with your favourite number on the end).

psycho_phil - March 27, 2008 09:33 PM (GMT)
QUOTE (Philonski @ Mar 21 2008, 03:07 PM)
Phil - I've been wondering this for ages and I finally have to ask... what is going on in your photo? Are you dancing with someone short? Are you having your face licked by a dog? Are you trying on a false beard?

Er, it's a soft toy yak. It was given to a friend of mine on his birthday, as an in-joke present – he helped run the Nightline service at Reading Uni, and they did a campaign where they put loads of pictures of Yaks everywhere in Freshers week, then a few weeks later put up ads saying 'Stop Yakking, Start Listening'. Hence the yak.... Is that any clearer?

Philonski - March 27, 2008 10:06 PM (GMT)
Oh yes! I can make out its horns now. Thank you.

Sweet G 24 - April 24, 2008 06:32 PM (GMT)
Sorry to hear about that D

Something happened to me a few years ago similar to that, someone placed 2 auctions for some TVs which were about £1,000 each & of course it wasn't me.

Thankfully I was on it fast & got it removed, I just can't stand Ebay's EMAIL only communication status.

Hackers use the software/Trojan which can duplicate what you are entering.

Damian - April 24, 2008 10:23 PM (GMT)
They've now got a live chat feature specifically for if you've been defrauded, which is highly effective and a big improvement on the e-mail only means of yore.

Pete - May 25, 2008 06:26 AM (GMT)
Here is a rather long-winded story of somebody taking revenge on an eBay scammer.

http://www.zug.com/pranks/powerbook/index.html

Might cheer you up a little?

Damian - May 25, 2008 12:50 PM (GMT)
QUOTE (Pete @ May 25 2008, 07:26 AM)
Here is a rather long-winded story of somebody taking revenge on an eBay scammer.

http://www.zug.com/pranks/powerbook/index.html

Might cheer you up a little?

Blimey, that was quite a read!

Yes, hoping for improved luck after all the stuff that happened in the last few months, and perhaps I'm getting it. On Tuesday, my cat (well, I say my cat, it lives at my parents' house) disappeared. Yesterday (4 days later) she turned up.

Philonski - May 25, 2008 04:15 PM (GMT)
I read that story a few years ago, when it first happened - it's still funny! - but a while after that, I heard that Jeff had gone missing and none of his old online mates could find any trace of him. They seemed a bit anxious, and didn't know if anything had happened to him, or whether he'd just suddenly abandoned them all. Put a bit of a dampener on the story...

Glad your cat has turned up OK, Damian. And on an entirely unrelated note, just to take this thread waaay off topic, Facebook tells me that Nick's on crutches! What's happened, Nick?!



