eBay got hacked...change your passwords

[Evil D]

I'm sure many of you use eBay. Might wanna look into this.
money.cnn.com/2014/05/21/technology/security/ebay-passwords/

[xceptnl]

"A large number of accounts" .... I wonder how many of the 148 million user accounts.

[The Deacon]

Saw that on another news site yesterday. It was about time to do so anyway, so I changed my password figuring it can't hurt. However, I do find it a bit odd that there has been no message from eBay itself regarding this breach.

[xceptnl]

Saw that on another news site yesterday. It was about time to do so anyway, so I changed my password figuring it can't hurt. However, I do find it a bit odd that there has been no message from eBay itself regarding this breach.

Also funny (not really) that it took 2 months to discover

[Pinetreebbs]

Thanks for the heads up, I changed my PW after LastPass posted a warning in Facebook, nothing from eBay. When my wife went to change her PW their servers were overloaded and displayed an error page that acknowledged the problem.

Another reason to use the PayPal security key to protect your account.

[chuck_roxas45]

done...Thanks David.

[thehunt]

done too...

Was a hassle to find where :-)

Thanks!

[Spydersense]

I changed mine last night when I heard about the breach. It is a little annoying that ebay didn't notify me about it.

[Pinetreebbs]

I would have liked notification from eBay, but only a message within eBay. An email telling me to change my PW, especially if they had a link, would be very suspect.

[The Deacon]

I would have liked notification from eBay, but only a message within eBay. An email telling me to change my PW, especially if they had a link, would be very suspect.

True. In fact, it's reached the point where, unless an email is from a trusted friend, no matter who it is from or how genuine it looks I never, ever, click on a link. However, one good thing about eBay is that, aside from those about a specific item you have bid on, purchased, or asked to be notified when one is listed, genuine email messages from eBay always show up as messages in your eBay inbox as well when you log onto the site. So, if I'd received a "change your password" warning from them, I'd have been able to log on the way I normally do and verify whether or not it was genuine.

The one thing that does amaze me that more people seem to be worried about this relatively "low risk" (no SSN's, no financial data) data breach than about the Experian breach, which has to be both the largest and potentially most damaging consumer data breach in history. I know it's probably because so few of us ever dealt with Experian directly, so it just doesn't register that they know more about your finances than you do.

[bh49]

I am wondering, what id not getting hacked now? Yesterday on CNN was brought -up big utility company. Pentagon, microsoft, Target and so on on the past. It looks like security experts always one step behind hackers.

[Evil D]

I am wondering, what id not getting hacked now? Yesterday on CNN was brought -up big utility company. Pentagon, microsoft, Target and so on on the past. It looks like security experts always one step behind hackers.

This is why it's stupid to blame the company. That's like blaming the home owner who gets his house broken into.

[xceptnl]

This is why it's stupid to blame the company. That's like blaming the home owner who gets his house broken into.

To an extent, you are completely correct David. I do however believe that these companies make gross amounts of money and they alone are entrusted with the security of the information that they require of their customers. If they are not constantly keeping on top of their security measures, occurrences like this can happen more frequently.

[xceptnl]

... I know it's probably because so few of us ever dealt with Experian directly, so it just doesn't register that they know more about your finances than you do.

This is so true. They seem to know if I shred my credit card offers the day I get them or wait until the weekend. Sometimes this world is scary and makes me want to go off the grid.

[Pinetreebbs]

True. In fact, it's reached the point where, unless an email is from a trusted friend, no matter who it is from or how genuine it looks I never, ever, click on a link. However, one good thing about eBay is that, aside from those about a specific item you have bid on, purchased, or asked to be notified when one is listed, genuine email messages from eBay always show up as messages in your eBay inbox as well when you log onto the site. So, if I'd received a "change your password" warning from them, I'd have been able to log on the way I normally do and verify whether or not it was genuine.

The one thing that does amaze me that more people seem to be worried about this relatively "low risk" (no SSN's, no financial data) data breach than about the Experian breach, which has to be both the largest and potentially most damaging consumer data breach in history. I know it's probably because so few of us ever dealt with Experian directly, so it just doesn't register that they know more about your finances than you do.

The Experian breach had to be a mother load of data, potentially providing answers to security validation questions. While I'm not into tin foil hats, paranoia about being constantly watched is in our DNA, it kept us from being eaten by lions in the tall grass. Today it's government, corporations and criminals hunting us.

Source: https://www.privacyassociation.org/publ ... the_ground

[anagarika]

True. In fact, it's reached the point where, unless an email is from a trusted friend, no matter who it is from or how genuine it looks I never, ever, click on a link. However, one good thing about eBay is that, aside from those about a specific item you have bid on, purchased, or asked to be notified when one is listed, genuine email messages from eBay always show up as messages in your eBay inbox as well when you log onto the site. So, if I'd received a "change your password" warning from them, I'd have been able to log on the way I normally do and verify whether or not it was genuine.

The one thing that does amaze me that more people seem to be worried about this relatively "low risk" (no SSN's, no financial data) data breach than about the Experian breach, which has to be both the largest and potentially most damaging consumer data breach in history. I know it's probably because so few of us ever dealt with Experian directly, so it just doesn't register that they know more about your finances than you do.

And the Phisers already started their work, sending fake eBay notification (and Paypal too). Be wary.

[Pinetreebbs]

Some time today I got the following message in eBay:

eBay
Important Password Update
Reset Your Password eBay Inc. Information Site
Keeping Our Buyers and Sellers Safe and Secure on eBay

On Wednesday, we announced that we are asking all eBay users to change their password. This is because of a cyberattack that compromised our eBay user database, which contained your encrypted password.

We take security on eBay very seriously, and we want to ensure that you feel safe and secure buying and selling on eBay. So we think it’s the right thing to do to have you change your password. And we want to remind you that it’s a good idea to always use different passwords for different sites and accounts. If you used your eBay password on other sites, we are encouraging you to change those passwords, too.

Here’s what we recommend you do the next time you visit eBay:

Take a moment to change your password. This will help further protect you; it’s always a good practice to periodically update your password. Millions of eBay users have already updated their passwords.
Remember to always use different passwords on different sites and accounts. If you haven’t done this yet, take the time to do so.

Meanwhile, our team is committed to making eBay as safe and secure as possible. We are looking at other ways to strengthen security on eBay. In the coming days and weeks we may be introducing new security features. We’ll keep you updated as we do.

Thanks for your support and cooperation. eBay is your marketplace, and we are committed to keeping it one of the world’s safest places to buy and sell.

Devin Wenig

President, eBay Marketplaces