A few weeks ago, someone stole my identity (temporarily) on eBay. I was mystified at the time, and eBay (which handled the problem beautifully for me) also was at a loss. My password is not subject to dictionary attacks and comprises letters, numbers, and punctuation. My email account was not compromised. I have never spoken my eBay password aloud or stored it on my computer. I haven't accessed the account at insecure locations. So how was it ripped off?

Turns out I'm not alone. A PC World editor was similarly hijacked - and she and eBay have no explanation, either. eBay may have a mole, or may have someone who has figured out how to manipulate DNS temporarily to redirect outbound email to specific domains. This would allow someone to generate a password change request, intercept the email, login, and change the account. In my case, the hijacker was trying to sell digital cameras with 7-day auctions (which eBay said was weird - usually the auctions are quick to get in and out). They required international money orders for payment, too. Bells should be going off.

Anyone else hijacked?

Glenn Fleishman writes words about things

turning tech mumbo-jumbo into tasty, readable gumbo