Menu Icon

Seeing Past eBay’s Security Blind Spot

Published on Mar. 11, 2016

Last updated on Feb. 26, 2020
3 min read

2014 saw an enormous eBay security breach: cyberattackers gained access to employee login details, and with it a treasure trove of customer information. It tarnished eBay’s reputation and left them scrambling for help from experts and law enforcement.

The impact was brief but huge. Between the eBay breach and other security concerns, 25% of American consumers temporarily stopped shopping online.

While eBay managed to survive due to good PR and the loyalty of its customers, the damage could have crippled a smaller company. One would expect eBay security to have become nigh impregnable after that hard-learned lesson.

Yet eBay business accounts remain exceptionally vulnerable to theft and abuse today.

Last updated 10/19/2018.

eBay’s Big Blind Spot

Blind

The eBay security breach was bad enough when the login information of a couple employees fell into the wrong people’s hands. But imagine: What if the attackers had accessed your business account and begun abusing it? What if they started impersonating your company, even for a limited time, and tried to sink it?

These are risks that eBay businesses take every day.

Why? Because eBay only provides one login per account.

One.

Most other business-oriented websites make it easy to field a team. I’m personally fond of Upwork’s option to create teams and even separate companies from one account, leaving you in control while restricting the access of employees and freelancers. Even eBay’s top competitor, Amazon, allows you to give others limited access to your account and set their permissions.

eBay doesn’t allow you to do that. You have to give users complete control of your account to give them any access at all.

This is an enormous risk. It’s easy enough for a well-intentioned employee to destroy your eBay account without even having access to it. When you give them full administrative privilege, you run the risk of them stealing the account entirely.

Is there any way to minimize the danger?

Free (and Mostly Obvious) Ways to Limit Employee Access

There are a few basic steps you can take to limit your risks for free:

  • If you have to share your login information, use software like LastPass to prevent your employees from seeing your passwords or sharing them with others. (Note: You may need a paid account if you have a large business.)

LastPass

  • Create secret questions for your account before you ever let an employee access it—and make those questions as difficult to answer as possible.
    • Don’t use anything your employees can figure out. If the first company you ever worked for is on your LinkedIn, don’t use that as a security question.

eBay Security Questions

  • Keep the email account you use for eBay out of reach of your employees. Link it to your phone number, and to a backup email address that your employees don’t know about. Use different passwords for all of these accounts.
  • When hiring, demand references—and actually call them!

These common-sense steps will reduce your risks, but they certainly won’t eliminate them. You’ll need to turn to third-party software to really keep your account secure.

Paid Options

The best solutions cost a little extra.

SixBit

SixBit

If you need employees to manage your eBay listings, consider SixBit. They allow you to create accounts for multiple users and set the permissions for each. No need to let your employees access your full account and do whatever they want with it.

Learn how to set SixBit permissions here.

ChannelReply + Zendesk or Freshdesk

ChannelReply

If you have dedicated customer service employees, there’s no need for them to manage anything except your messages. You also don’t want them to get bogged down in an interface designed primarily for managing your listings. Finally, if you’re a multichannel seller, you probably don’t want to waste money on different software for eBay, Amazon and your own website.

ChannelReply sends eBay messages to your Freshdesk or Zendesk account, where they appear as organized and threaded tickets. Your customer service employees never need to log in to your eBay account. And although ChannelReply gives the agent info about the listing and a link to it, they won’t be able to manage the listing unless they already have access to your account.

ChannelReply works exactly the same way with Amazon. It’s also very easy to set up any of the above helpdesks with your own website, making the combo an excellent solution for multichannel sellers.

Check out ChannelReply and start your free trial. And don’t forget to try Zendesk or Freshdesk for free if you haven’t yet!

Summary

eBay Business Account Security

Failing to maintain a high level of eBay security can result in disaster for your business. Common-sense best practices and free security software like LastPass can limit your risks, but still leave you vulnerable to rogue employees and security leaks. Any business owner who can afford it should use software like SixBit or ChannelReply to limit employee access and stay in control.