eBay Account Hacked? How to Recover and Secure It (2026)

Your friends are messaging you about strange listings you never created. A login alert points to a country you have never visited, and the password you have used for years suddenly does not work.

T

Technobezz

Senior Editor

Jun 6, 2026
9 min read

Contents

Don't Miss the Good Stuff

Get tech news that matters delivered weekly. Join 50,000+ readers.

Your friends are messaging you about strange listings you never created. A login alert points to a country you have never visited, and the password you have used for years suddenly does not work. Maybe you are seeing bids, offers, or purchases that are not yours, or your contact email and shipping address have quietly changed. This is one of the most unsettling things that can happen to an eBay account, but it is recoverable, and the steps below walk you through it in the order that resolves things fastest.

Before you start, do it from a device, browser, and network you have signed in from before, since eBay recognizes familiar setups and is less likely to add friction. Do not create a brand new account to report the hacked one. And never share a verification code, your password, or a two-step code with anyone who contacts you, because genuine eBay support will never ask you for them.

Confirm the Account Was Actually Compromised

Take a moment to confirm what you are dealing with so you act on the right problem. eBay describes the telltale signs of a takeover as a changed password, altered contact or address details, bids, offers, or purchases you did not make, and listings you did not create. If you see one or more of these, treat it as a compromise and move quickly.

Be especially wary of any unsolicited contact at this stage. eBay says it is unlikely to make unannounced calls about your account, so if you get a missed call claiming to be from eBay, do not call it back. Verify anything by checking your eBay Messages, since eBay will also have emailed you, and be suspicious of any unusual request for personal or financial information.

Change Your Password the Moment You Notice Anything

If you can still sign in, this is your single most important first move. According to eBay's official guidance on hacked accounts, the first action when you can still access the account is to change your password right away. Doing this immediately can shut the attacker out before they do more damage.

You can reach the password change from your eBay account settings, or by using the Reset your password option. eBay recommends choosing a strong password that you do not reuse on any other site. Once the new password is in place, anyone using the old one is locked out.

Reset Your Password When You Are Locked Out

If the attacker already changed your password and you cannot sign in, use eBay's Reset your password option to start over. For security, eBay asks you to verify your identity by email or text message, sending a code to the email address or phone number on the account.

If you choose email verification and do not receive the message within 5 minutes, check your spam or junk folders before assuming something went wrong. Private and business sellers also have a selfie option, which involves photographing the front and back of a government ID along with a selfie. Only enter your details once you have confirmed you are on the genuine official eBay domain, and never upload your ID anywhere else.

There is an important limit to understand here. If you cannot access the email or phone number on the account and you cannot complete the selfie or government-ID verification, eBay states that you will need to create a new account, and your prior buying and selling activity cannot be moved to it. That is why keeping your contact details current matters so much.

Contact eBay Directly If You Cannot Get Back In

When the reset flow is not enough and you still cannot sign in, reach out to eBay without delay. eBay says that if you can't sign in to your account, you should contact them immediately and they will help to secure it. Use the Contact us link found inside the Get help with a hacked account article in eBay's Help Center.

Be aware that for your protection, eBay may place a temporary hold on the account while it sorts things out. That hold is a safeguard, not a punishment, and it stops the attacker from acting while your case is handled. Do not look for a shortcut through any paid third-party account recovery service, as those are unnecessary and risky, and the official Contact us path is the route eBay supports.

Restore Your Contact Info, Addresses, and Payment Details

Once you are back in, the next job is to undo everything the attacker touched. The hacked-account guidance tells you to verify your contact information, shipping addresses, and payment details, and to change back anything that was altered. Work through each of these settings carefully.

Pay close attention to any email address, phone number, shipping address, or payment method you do not recognize. Attackers often swap in their own details so they can redirect goods or keep control, so removing those and restoring your own is essential to fully reclaiming the account.

Review Active Bids and Listings for Anything You Did Not Do

Next, check your active bids and listings to confirm they are all genuinely yours. If you find bids you did not place or listings you did not create, eBay says to contact them for help removing the unauthorized activity. If there has been no fraudulent activity, you do not need to contact them about this step.

Going through this list also helps you understand the scope of the breach. Make a note of anything suspicious before you contact eBay so you can describe it clearly.

Secure the Email Account Behind Your eBay Login

Your personal email is the master key to your eBay account, so it needs attention too. eBay recommends also changing the password on your personal email account, because a compromised email can be used to take over the eBay account all over again.

Keep that email password different from your eBay password. If both share the same password, an attacker who cracks one instantly has the other, which undoes much of the work you just did.

Turn On 2 Step Verification to Lock It Down

With the immediate fire out, harden the account so this does not happen again. eBay strongly recommends enabling 2 Step Verification, and with it turned on, eBay states that only you can access the account even if someone has your password. You can set it up using a push notification through the eBay app, an SMS text code, or a one-time passcode from an authenticator app.

You can manage 2 Step Verification from your account settings, under the sign-in and security options, where you choose the method you prefer. The text option sends a code to your mobile number, while the app push option lets you approve sign-ins from the eBay app. If you choose an authenticator app, eBay names Google Authenticator, Microsoft Authenticator, or Authy as options.

Whichever method you pick, remember that a real code is for you alone. Anyone asking you to read out a 2 Step Verification code is trying to break in, not help you.

Add a Passkey and Keep Your Details Current

For an extra layer of protection, eBay's tips for keeping your account secure recommend setting up a passkey, which is a biometric sign-in such as a fingerprint, Face ID, Touch ID, pattern, or PIN. You can add one from the sign-in and security options in your account settings.

eBay also advises keeping your contact details up to date, which is what makes the password-reset and identity-verification routes available to you if you are ever locked out again. Stay alert for spoof or phishing emails as well, since these are a common way accounts get compromised in the first place.

If Money Was Taken, Bring In Your Bank and the Police

If someone used your account without permission and money is involved, do not rely on eBay alone. eBay states that you should contact your credit card company and your bank so they can watch for or reverse fraudulent charges. You may also want to file a police report, which can support disputes and create an official record of the incident.

Acting quickly matters, as card issuers and banks often have time windows for disputing unauthorized transactions. The sooner you flag the activity, the better your chances of recovering any funds.

Frequently Asked Questions

What is the very first thing I should do if my eBay account is hacked?

If you can still sign in, change your eBay password right away, as eBay names this as the first action for a hacked account. If you cannot sign in, use the Reset your password option, and if that does not work, use the Contact us link inside the Get help with a hacked account article so eBay can help secure the account.

What happens if I cannot access the email or phone number on my account?

eBay's reset flow verifies you by sending a code to the email or phone number on file. If you cannot access either of those and you also cannot complete the selfie or government-ID verification, eBay states you will need to create a new account, and your previous buying and selling activity cannot be transferred to it.

I did not get the password-reset email. How long should I wait?

If you chose email verification and the message has not arrived within 5 minutes, eBay advises checking your spam or junk folders. The reset email is the only timing eBay publishes, and it does not state a separate timeline for restoring a hacked or held account.

Will eBay call me about my hacked account?

It is unlikely. eBay says it is improbable that it will make unannounced calls about your account, so if you get a missed call claiming to be eBay, do not call it back. Verify anything by checking your eBay Messages, since eBay will also have emailed you, and never share personal or financial details with an unexpected caller.

Does 2 Step Verification really keep my account safe even if someone has my password?

Yes. eBay states that with 2 Step Verification turned on, only you can access the account even if someone has your password. You can use an eBay app push notification, an SMS text code, or an authenticator app code, and you should never share that code with anyone.

Should I pay a third-party service to recover my account faster?

No. eBay's documented routes are the Reset your password option, identity verification, and the Contact us link inside the hacked-account article. Avoid any paid third-party recovery service, and always confirm you are on the genuine official eBay domain before entering your credentials or uploading identification.

Share