Yahoo and eBay accounts hacked, make hackor pay!

  My girlfriend's Yahoo email account was hacked earlier this month.  The password was changed and the 'forgot my password' link wouldn't work. Her eBay account, however, still had the same password. During the time when she couldn't enter her email, this person put a GPS system up on eBay and someone 'won' it. The person who won the auction sent the hacker $1200 some dollars, and of course, did not receive this item.

   Now this is the information I have up to tonight. The headers of emails he sent from the hacked account, with ip and time. The account number, routing number, and name and address of the bank the wire transfer was sent to.

   I have sent an email to AOL, his service provider assumed from his ip, telling them about this. Is there anything else I should do? Also, her password had letters and numbers, and her security question was a trick question. How did this person gain access to her account? Norton and Ad-Aware have turned up nothing suspicious.

  One more question, would I be invading his privacy if I were to post his account and routing number and any other information I find, on here for google and the whole world to see?
simonenticott Commented:
You should contact the police and/or any other relevant authority in your country and ask them to investigate.
You should also contact the bank where the money was sent to let them know what you suspect has happened, they will most likely have an internal investigation team.
Have you contacted eBay? They'll have server logs for all transactions and may help.

You shouldn't post any info publicly because chances are it isn't going to be the criminal's real details, it'll most likely be another innocent person's details that have been hijacked, and who knows what trouble that will get you in...
Agreed 100%

Additionally, if you have not done so already, be sure to be completely open with the buyer about this situation. The sooner that they notify their financial institute, the better their chances will be of recovering their money.
>> How did this person gain access to her account?

Any number of ways.  By default when you log into yahoo mail, it is done in plain text and anyone running a sniffer on any network along the way can easily grab the password.  Even if she checked from home, if someone at her ISP had a sniffer running on a shell on a box that was able to see customers' traffic going to the router then they'd easily be able to sniff it out.  Many people use the same or similar passwords on many different sites, so any password a hacker gets will likely also be tried at popular other sites like ebay, paypal, citibank, etc.  The AOL account the hacker used is almost certainly a hacked account or a free trial account created with false information...or perhaps a zombied AOL machine that acted as a proxy.  If she logged in non-encrypted from anywhere semi-public at any time, ever, then there is a chance someone sniffed out the password.  If the hacker was stealthy, (s)he could have gotten the password 6 months ago and just sat on it along with however many other ones they snagged...and only using ones they've sat on for a while.  Furthermore, if they have a series of compromised machines at their disposal scattered around the globe through countries less than cooperative w/ US authorities on fraud issues, there's basically nothing you can track.  It's worth checking, of course, hoping they were ripped off by an amateur, but don't get your hopes up.  The best info you have is the routing number...if it's a US or US-friendly bank, then that's a good starting point for authorities.

If there is no evidence of malware on her machine, and she *never, ever* logged into an online service w/ her username/password (ebay/yahoo/whatever) from any other computer ever, then it was almost certainly sniffed somewhere along the line.  If she *ever* DID log in on another computer, securely or not, then the password could have been acquired on that machine via keylogger or similar.  Also check the date of her virus defs in Norton...there exists malware code that can break Norton's updates and you may never notice.  (One of my clients had that: by the time I got the machine to fix, the virus defs were 9 months old even though Norton seemed to "go through the motions" trying to update.  There were 100+ viruses on that machine that their Norton (with the old defs) did not detect).  Obviously, be sure you updated AdAware's defs as well....and all current Windows updates.  Not using Internet Explorer or Outlook/Outlook Express for web and email will go a long way towards reducing the chance of system compromise as well.  Be sure to use a firewall as well...personally I prefer Sygate's free personal firewall over popular ones like Norton's, McCrappy's, and Zone Alarm...don't bother w/ XPSP2's...it's a joke for malware to bypass once inside your machine.

Does she use wireless?  Unless she's set up w/ a wireless access point authenticating to a RADIUS server, the chances are she's running a fairly easy to sniff wireless connection for someone in signal range (which could be someone miles away with a very high gain beam aimed directly at her WAP...don't think because you lose your signal 5 feet from the sidewalk that that's all the farther it can be received!).  Even w/ disabling SSID broadcast, MAC address filtering, and WEP, it would be trivial for someone knowledgeable to break that "security".  WPA has its problems as well, especially in some circumstances.  If someone was sneaky enough, they could crack your wireless security then run a sniffer and just wait for the passwords sent in clear text.  Done.

Sorry for such a long post addressing one part of your question, but the above posters already completely covered everything else ;)  100% agreement with simonenticott and bmedward.

Casinoguy Commented:
Did she by chance receive and open an email claiming to be from eBay? I've gotten a few saying account suspension and saying there had been suspicious activity and to please click on the link which looks like an ebay link\blahblah.html but actually if you click on it a javascript is opened launching you to a different page that is not eBay's and which gathers information. Crap asking for account confirmation usernames and passwords is ALWAYS a scam. Remember the question isn't are you paranoid? It's are you paranoid enough?
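
The mismatch described in the comment above (link text that shows an eBay address while the link itself goes somewhere else) can be checked mechanically on a saved message. This is an added example, not part of the original thread; the `TRUSTED` list, the function names and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("ebay.com",)  # assumption: domains the visible text may claim

def host_of(text):
    """Hostname named by a URL or bare domain, or None if there is none."""
    token = (text.split() or [""])[0]
    if "://" not in token:
        token = "http://" + token
    host = urlparse(token).hostname
    return host.lower() if host and "." in host else None

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

class LinkAudit(HTMLParser):
    """Flags <a> tags whose text names a trusted host but whose href leaves it."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown, actual = host_of("".join(self.text)), host_of(self.href)
        brand = next((d for d in TRUSTED if shown and in_domain(shown, d)), None)
        # Non-http targets (e.g. javascript:) yield actual=None and are flagged too.
        if brand and not (actual and in_domain(actual, brand)):
            self.findings.append((shown, actual))
        self.href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample message body (documentation-range address and domains).
SAMPLE = """<p>Suspicious activity was detected on your account.
<a href="http://198.51.100.7/ebay/blahblah.html">http://www.ebay.com/blahblah.html</a>
<a href="http://pages.ebay.com/help/">www.ebay.com/help</a>
<a href="http://ebay.com.example.net/signin">signin.ebay.com</a>
<a href="javascript:void(0)">www.ebay.com</a></p>"""
```

`audit(SAMPLE)` returns one `(shown_host, actual_host)` pair per suspicious link; the second link in the sample is not reported because both hosts sit under the same trusted domain.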
fixnix Commented:
wow...can't believe I forgot to mention phishing scams!  </brainfart> thanks for picking up my slack, Casinoguy :)
Rich Rumble (Security Samurai) Commented:
Yes, this type of fraud could be due to a phishing scam, and should be reported to eBay and Yahoo, as well as the FTC.
Jonman364 (Author) Commented:
simonenticott - The first thing she did was have eBay and paypal lock her accounts. Since then they have been reopened, passwords changed. I was thinking about calling the bank, but they were probably closed at the time I received the information. The one thing I didn't think of was the first thing you suggested, calling the police.

bmedward - That's actually how we found out. He sent an instant message to her asking if she had the tracking number for the package because he hadn't received his item yet. Poor guy, it was his first eBay transaction, probably last.

fixnix - Even if it's a free-trial AOL account, could AOL find the phone number he dialed in from? The bank's address is in New York. I don't know how old the Norton defs are but the Ad-Aware I downloaded and installed 2 nights ago.  As for IE, she uses Firefox, and doesn't use any local email reader. Firewall, I have a Linux system in between her machine and the internet. All software on that is updated regularly.

Casinoguy - I believe she knows better.

Anyway, I guess I'll call that bank today, and walk across the street to the police station.
It's a sad time on the internet these days, the biggest thing to happen globally in a few hundred years and it was 'free' but there are always people looking to make money at the cost of anything and it's those people that are turning society into the way it is today.

But yes, speak with the police

and I'll put a more cheery CD on  ;)
