Ebay just announced...
After Cyberattack, eBay Recommends Password Change
Max. password length 64, btw
Printable View
Ebay just announced...
After Cyberattack, eBay Recommends Password Change
Max. password length 64, btw
The video states that the database was compromised between late February and early March and so this advice would seem somewhat tardy - surely by now it would be too late to avert danger by changing passwords?
Frequently Asked Questions on eBay Password Change | ebay inc
Never hurts to change it, though. Specially if its the same password you had in Feb and March ;)
Just changed mine for the first time in maybe 10 years ......... :ziplip:
I get the feeling that the majority of us had well-aged passwords, at the very least, aged beyond 3 months. lol
Absolutely - changing passwords is good practice, regardless.
The press bulletin given out by ebay states that the compromised data was low-level stuff that is often publicly available. Either ebay is massively downplaying the severity of the compromise or it really isn't that bad - of course it's never easy to know for sure.
Glad they got around to mentioning it. These outfits are all alike. They wait until they can't wait any longer before they admit to having an attack. I too wonder if they are downplaying the severety. This CNN article said, "The database, which eBay said was compromised in late February and early March, held eBay customer's names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth. However, the company says users' financial information was not accessed."
eBay hacked, requests all users change passwords - CNET
I do suppose that if financial info had been accessed, and was of the kind that could be exploited, users would be seeing that in debits from their account balances.
Don't forget, Ebay owns PayPal. I don't think so called 'hackers' give a squat as to your purchase history or feedback rating. $$$
Change your PayPal passwords too.
Then again it could all be bravo sierra.
Yes, good tip, about time I did that anyhow...done...and thanks Siguy!
I just spent an Hr on the bay,no info as to how to change a password:(
keepas then you only need 1 password.
use two factor authentication if your paranoid
I usually just change my old password back to my same old password. I'm good for a couple more years before the next major fabricated scare/distraction. Been doing this for the last 20 years and nothing has ever happened. ymmv
If they've grabbed encrypted information then it's certainly not too late to change your password.
James.
It may not be their first time - last year I've got spam that had in it information only ebay has access to. They claimed it didn't come from them, which if true means that they had a security breach. They didn't show any concern when I pointed that out and I figured that my time is more valuable than to waste it on fighting my way through the bureaucracy of a company that has the resources but not the will to make this easy.
I thought about getting their attention by pressing the only thing they care about (money) and making them pay through a lawsuit, but from the quick check the payment would've been too small and even though I haven't been using ebay in a while I decided I'd rather have the option of being able to use it in the future. I just keep with them information that could be thrown away without much consequence (junk email, junk phone number, junk password, work address).
I just changed the password about 20 minutes ago based on your suggestion; I just tried to log in & I'm locked out,,,,,,,,,It says high traffic volume now & warns of the Cyber breach,,,WTF,,,,
Someone else please try to log onto your ebay account & tell me if I'm the only one getting screwed,,,
,,,,,,,,,,,,,Wake Up Hirlau,,,,,,,,it's a bad dream,,,,,,
Attachment 167032
I just got back in with my new password,,Thank Pixel,,,,,,,,,,:beer1:
Already did mine,,,,,,,,,,,,
I tried to log on to ebayy, and now I HAVE to change my password. Can't even opt out. So I have to change my password or never log on again lol. Data gathering at its finest. In my opinion thats all it is. Here comes the spam. :rant:
Just got this in the email yesterday, figured I'd tack it on here for your information:
Quote:
Important - eBay Password Reset Required
eBay
IMPORTANT: PASSWORD UPDATE
Dear eBay Member,
To help ensure customers' trust and security on eBay, I am asking all eBay users to change their passwords.
Here's why: Recently, our company discovered a cyberattack on our corporate information network. This attack compromised a database containing eBay user passwords.
What's important for you to know: We have no evidence that your financial information was accessed or compromised. And your password was encrypted.
What I ask of you:
Go to eBay and change your password. If you changed your password on May 21 or later, we do not need you to take any additional action at this time.
Changing your password may be inconvenient. I realize that. We are doing everything we can to protect your data and changing your password is an extra precautionary step, in addition to the other security measures we have in place.
If you have only visited eBay as a guest user, we do not have a password on file.
If you used the same eBay password on any other site, I encourage you to change your password on those sites too. And if you are a PayPal user, we have no evidence that this attack affected your PayPal account or any PayPal financial information, which is encrypted and stored on a separate secure network.
Here are other steps we are taking:
As always, we have strong protections in place for both buyers and sellers in the event of any unauthorized activity on your account.
We are applying additional security to protect our customers.
We are working with law enforcement and leading security experts to aggressively investigate the matter.
Here's what we know: This attack occurred between late February and early March and resulted in unauthorized access to a database of eBay users that includes customers' name, encrypted password, email address, physical address, phone number and date of birth.
However, the file did not contain financial information. And, after conducting extensive testing and analysis of our systems, we have no evidence that any customer financial or credit card information was involved. We also have no indication of a significant spike in fraudulent activity on our site.
We apologize for any inconvenience or concern that this situation may cause you. As a global marketplace, nothing is more important to eBay than the security and trust of our customers. We know our customers have high expectations of us, and we are committed to ensuring a safe and secure online experience for you on any connected device.
Devin Wenig Signature
Devin Wenig
President, eBay Marketplaces
they got access to the hashed ebay password but not paypal.
have a google of aes256 cryptology and password hashs and you wont be worried
Not sure about any of these sites anymore. I've started to 'buy' set value Debt Cards that have small limited cash values and don't carry my name for Internet purchases. Just can't trust anyone anymore[emoji33]
Don't know about any if you guys but my credit cards will take care of any fraudulent charges , I do just about everything online from banking , purchasing and my investments , it's all in making sure your protected,may bank even took care of a fraud charges , from one of those people back when the accounts were hacked into ,, I never lost a nickel. Tc