A few weeks ago, someone stole my identity (temporarily) on eBay. I was mystified at the time, and eBay (which handled the problem beautifully for me) also was at a loss. My password is not subject to dictionary attacks and comprises letters, numbers, and punctuation. My email account was not compromised. I have never spoken my eBay password aloud or stored it on my computer. I haven't accessed the account at insecure locations. So how was it ripped off?
Turns out I'm not alone. A PC World editor was similarly hijacked - and she and eBay have no explanation, either. eBay may have a mole, or may have someone who has figured out how to manipulate DNS temporarily to redirect outbound email to specific domains. This would allow someone to generate a password change request, intercept the email, login, and change the account. In my case, the hijacker was trying to sell digital cameras with 7-day auctions (which eBay said was weird - usually the auctions are quick to get in and out). They required international money orders for payment, too. Bells should be going off.
Anyone else hijacked?