One thing I’ve often written about is the decline of customer service. I don’t often get the chance to praise good customer service so I’m going to grab the opportunity that I got yesterday.
Yesterday morning I got up to find two mail messages from Ebay in my inbox confirming that my items had been successfully listed. This was surprising as I hadn’t listed anything. My initial thought was that these were phishing attempts and that I should just delete them. But before I did, I took a closer look and found that they were real messages from Ebay. They contained both my username and my real name and all of the links in the mail went to the real Ebay site and not some phisher copy[1].
At that point I got a bit worried and tried to log in to my Ebay account (by typing the URL in my browser’s location bar, not by clicking on any of the links – always a good idea in cases like this). I found that my password wasn’t recognised. It seemed that someone had managed to get into my Ebay account, change the password and start listing items for sale – listings that I would be charged for.
Then I noticed a third mail from Ebay in my inbox that I had previously missed. This is what it said:
Dear davorg,
It appears that a third party accessed your eBay account and used it to list items without your authorisation.
At this time we have taken several steps to secure your eBay account, including cancelling the unauthorised listings and crediting all associated fees to your account. We assure you that your credit card and bank details are kept encrypted on secure server and have not been viewed by anyone.
It then went on to list links to pages that would allow me to reclaim my password and give me advice on how I could make my account more secure.
The two messages about the unauthorised listings were sent at 4:35am. The message informing me of the problems and what had been done to fix them was sent at 4:53am. In less than twenty minutes Ebay had spotted the problem and done all they could to correct it. All while I was fast asleep.
I call that pretty good customer service.
Of course, now I need to work out how someone got access to my account. I admit to having been a bit lax and using the same password on a number of sites so it’s possible that one of those other sites was storing my password in plain text (we all know how common that is) and someone got hold of their data. Or perhaps it was some convoluted XSS attack.
I’ve learnt a lesson though. I’ll be far more careful with passwords from now on.
One question still remains. How did Ebay identify that my account was compromised so quickly? I’m sure it was some kind of automated response, but surely it’s possible that I was on their site at 4:30 in the morning trying to sell some Ugg boots that were an unwanted Christmas present.
Never thought I’d be praising Ebay for their customer service!
[1] I read all of my email in plain text mode so it’s hard for people to send me disguised links.