
Ebay Hacked

powderman426
Explorer
I just got a call from a friend and was told that Ebay has been hacked.

It is suggested that those who use it change their password.
Ron & Charlotte
WD8CBT since 1976
32' Gulfstream Ameri-Camp & 05 Ram QC LB

I started with nothing and I still have most of it left

I never fail, I just succeed in finding out what doesn't work
20 REPLIES

1492
Moderator
It's been mentioned in news coverage on the EBAY hack, and not from the dailybeast.com itself. It's also been reported that none of an account holder's personal info was encrypted except for the password itself. But I'm also beginning to think it's a good idea to tailor unique security answers specifically to a website. In case of a breach, those answers couldn't be used to hack another account by resetting a "lost" password?

magicbus
Explorer
1492 wrote:
... including those common security questions for resetting passwords? These were apparently not encrypted on EBAY servers? ...
I didn't see where the security questions were taken mentioned. Did I miss it? I have recently been considering starting to use "alias" security answers such as changing my place of birth or the street I grew up on to somewhere new because I often wonder about how that information is maintained.

Dave
Current: 2018 Winnebago Era A
Previous: Selene 49 Trawler
Previous: Country Coach Allure 36

1492
Moderator
Finally received an email tonight about changing your account password. I did see the notice on EBAY's home page and decided to change it a few days ago. More so as details emerge that the personal info of "every" one of its 233 million EBAY users worldwide was hacked (source: thedailybeast.com). So why are we getting a notice about this now, and not earlier?

Worse, there is enough personal info in the hack that could be used for identity theft, including those common security questions for resetting passwords? These were apparently not encrypted on EBAY servers? Whereas PAYPAL info was?

And like the Target breach, it appears the hackers gained access to EBAY servers via stolen credentials? Which wouldn't surprise me if an employee opened some type of attachment containing a malicious keylogger, and gave permission for it to run?

You can have up-to-date security, but can have it quickly fall apart from the weakest link of not using some common sense?

crcr
Explorer
1492 wrote:
Has anyone actually received an email from EBAY about changing passwords? I haven't? And will wait until they make whatever updates necessary to secure their servers before doing so.


Yes, email received yesterday, copied and pasted below:



Important - eBay Password Reset Required
eBay

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

To help ensure customers' trust and security on eBay, I am asking all eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on our corporate information network. This attack compromised a database containing eBay user passwords.

What's important for you to know: We have no evidence that your financial information was accessed or compromised. And your password was encrypted.

What I ask of you:
Go to eBay and change your password. Changing your password may be inconvenient. I realize that. We are doing everything we can to protect your data and changing your password is an extra precautionary step, in addition to the other security measures we have in place.

If you have only visited eBay as a guest user, we do not have a password on file.

If you used the same eBay password on any other site, I encourage you to change your password on those sites too. And if you are a PayPal user, we have no evidence that this attack affected your PayPal account or any PayPal financial information, which is encrypted and stored on a separate secure network.

Here are other steps we are taking:

As always, we have strong protections in place for both buyers and sellers in the event of any unauthorized activity on your account.
We are applying additional security to protect our customers.
We are working with law enforcement and leading security experts to aggressively investigate the matter.


Here's what we know: This attack occurred between late February and early March and resulted in unauthorized access to a database of eBay users that includes customers' name, encrypted password, email address, physical address, phone number and date of birth.

However, the file did not contain financial information. And, after conducting extensive testing and analysis of our systems, we have no evidence that any customer financial or credit card information was involved. We also have no indication of a significant spike in fraudulent activity on our site.

We apologize for any inconvenience or concern that this situation may cause you. As a global marketplace, nothing is more important to eBay than the security and trust of our customers. We know our customers have high expectations of us, and we are committed to ensuring a safe and secure online experience for you on any connected device.

Devin Wenig
President, eBay Marketplaces

eBay sent this message to *** me ***.

© 2014 eBay Inc., 2145 Hamilton Avenue, San Jose, CA 95125

powderman426
Explorer
1492 wrote:
rk911 wrote:
this happened back in feb/mar and we're just now hearing about it???

And still haven't received any emails from EBAY about the hack, other than my Watch Items are expiring. :S


Just log into ebay and it is clearly posted to change your password. What do you want? An engraved invitation?
Ron & Charlotte
WD8CBT since 1976
32' Gulfstream Ameri-Camp & 05 Ram QC LB

I started with nothing and I still have most of it left

I never fail, I just succeed in finding out what doesn't work

1492
Moderator
rk911 wrote:
this happened back in feb/mar and we're just now hearing about it???

And still haven't received any emails from EBAY about the hack, other than my Watch Items are expiring. :S

Horizon170
Explorer
magicbus wrote:
rocmoc wrote:
The notice was posted in Announcements on the Ebay site. Also was all over any of the Business (Bloomberg) Channels & Evening News.

rocmoc n AZ/Mexico
But I have to hear it here first... that ain't right.

Marvin, an example of two factor identification is when you login with id and password then the site sends a one time use PIN as a text to your phone that you then enter to complete the login process. A crook would need your userid, password AND your phone to access the site.

Dave


WOW, that is cool. I admit that I'm a bit technology impaired when it comes to phones and computers.:o
Marvin

2010 Coachman Freelander 22TB on a
2008 Sprinter/Freightliner chassis
1995 Geo Tracker (Toad)

magicbus
Explorer
rocmoc wrote:
The notice was posted in Announcements on the Ebay site. Also was all over any of the Business (Bloomberg) Channels & Evening News.

rocmoc n AZ/Mexico
But I have to hear it here first... that ain't right.

Marvin, an example of two factor identification is when you login with id and password then the site sends a one time use PIN as a text to your phone that you then enter to complete the login process. A crook would need your userid, password AND your phone to access the site.

Dave
Current: 2018 Winnebago Era A
Previous: Selene 49 Trawler
Previous: Country Coach Allure 36
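
The one-time PIN step described in the post above, sketched from the site's side as an added example that is not part of the original thread or anything eBay published. The class name, the 5-minute lifetime and the 3-guess limit are assumptions; actually texting the PIN is left out.

```python
import hmac
import secrets
import time

PIN_TTL_SECONDS = 300  # assumed lifetime of a texted PIN
MAX_ATTEMPTS = 3       # assumed number of guesses allowed per PIN


class OneTimePinStore:
    """Second login step: issue a PIN after the password check, accept it once."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user_id -> [pin, expires_at, attempts_left]

    def issue(self, user_id):
        """Call only after the password was accepted; returns the PIN to text."""
        pin = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
        self._pending[user_id] = [pin, self._clock() + PIN_TTL_SECONDS, MAX_ATTEMPTS]
        return pin

    def verify(self, user_id, submitted):
        entry = self._pending.get(user_id)
        if entry is None:
            return False  # nothing issued, or the PIN was already used
        pin, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[user_id]  # expired or guessed too often
            return False
        if hmac.compare_digest(pin.encode(), submitted.encode()):
            del self._pending[user_id]  # one-time use: a replay must fail
            return True
        entry[2] -= 1  # a wrong guess burns an attempt
        return False


def demo():
    """Constructed walk-through with a fake clock; returns the four outcomes."""
    now = [0.0]
    store = OneTimePinStore(clock=lambda: now[0])
    pin = store.issue("marvin")
    first, replay = store.verify("marvin", pin), store.verify("marvin", pin)
    late_pin = store.issue("marvin")
    now[0] += PIN_TTL_SECONDS + 1
    expired = store.verify("marvin", late_pin)
    store.issue("marvin")
    guesses = [store.verify("marvin", "not-it") for _ in range(MAX_ATTEMPTS + 1)]
    return first, replay, expired, any(guesses)
```

A stolen password alone fails here because `issue` hands the PIN only to the phone on file, and a PIN that is intercepted later is useless once it has been used, has expired, or has run out of guesses.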

Horizon170
Explorer
mlts22 wrote:
Can't hurt to enable two factor authentication as well.


Wwwhhhhoooooooossssssshhhhhhhhhhhhhhh.
That was the sound of your statement going over my head. :?
What does the 2 factor thingy mean?
Thanks
Marvin

2010 Coachman Freelander 22TB on a
2008 Sprinter/Freightliner chassis
1995 Geo Tracker (Toad)

rocmoc
Explorer
The notice was posted in Announcements on the Ebay site. Also was all over any of the Business (Bloomberg) Channels & Evening News.

rocmoc n AZ/Mexico
rocmoc n Great SouthWest USA

HappyKayakers
Explorer
1492 wrote:
Has anyone actually received an email from EBAY about changing passwords? I haven't? And will wait until they make whatever updates necessary to secure their servers before doing so.


As an eBay buyer and seller, I receive at least a dozen marketing emails each month. Seems like a no-brainer to use those same channels to notify me about a database breach.
Joe, Mary and Dakota, the wacko cat
Fulltiming since 2006
2006 Dodge 3500 QC CTD SRW Jacobs Exhaust brake
2017 Open Range 3X388RKS, side porch

MrWizard
Moderator
Ditto

I have never sold anything on there, and PayPal has an old credit card number
I will wait for the official notice

Although the security experts recommend frequent password changes on All internet accounts
Most of us do Not do that
I can explain it to you.
But I Can Not understand it for you !

....

Connected using T-Mobile Home internet and Visible Phone service
1997 F53 Bounder 36s

1492
Moderator
Has anyone actually received an email from EBAY about changing passwords? I haven't? And will wait until they make whatever updates necessary to secure their servers before doing so.

tkcas01
Explorer
gbopp wrote:
mlts22 wrote:
Can't hurt to enable two factor authentication as well.


You're making me feel dumber than I am, what is two factor authentication?

I think he is talking about the security questions that some sites provide.
Roaming Full Timer