Jump to content

eBay password database possibly comprimised

mac

By mac
in Security & Networking

 Share

Recommended Posts

Guest LilBambi

Guest LilBambi

Posted
Posted

EBay customers must reset passwords after major hack CNN Money

 

Not just a rumor...as a precaution, in case the hackers are really good ... time to change your ebay passwords.

 

Hackers quietly broke into eBay two months ago and stole a database full of user information, the online auction site revealed Wednesday.

 

Criminals now have possession of eBay customer names, account passwords, email addresses, physical addresses, phone numbers and birth dates.

The company said the passwords were encrypted and are virtually impossible to be deciphered. Still, as a precaution, eBay is asking everyone to reset their passwords late Wednesday.

 

The company isn't saying how many of its 148 million active accounts were affected -- or even how many customers had information stored in that database. But an eBay spokeswoman said the hack impacted "a large number of accounts."

Link to comment
Share on other sites
V.T. Eric Layton

V.T. Eric Layton

Posted
Posted

All this press and yet eBay hasn't made any notifications on their site or via email to their users yet. Strange. :(

Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

eBay Suffers Massive Security Breach, All Users Must Change Their Passwords - May 21, 2014 - Forbes:

 

eBay is taking the breach extremely seriously stating that users employing the same password across eBay and other sites should also change those passwords. It stresses your eBay password should be unique.

 

eBay Inc. To Ask eBay Users To Change Passwords - eBay Announcements page (Posted May 21st, 2014 at 8:50 AM):

 

eBay Inc. To Ask eBay Users To Change Passwords

 

 

Earlier today eBay Inc. announced it is aware of unauthorized access to eBay systems that may have exposed some customer information. There is no evidence that financial data was compromised and there is no evidence that PayPal or our customers have been affected by the unauthorized access to eBay systems. We are working with law enforcement and leading security experts to aggressively investigate the matter.

 

As a precaution, we will be asking all eBay users (both buyers and sellers) to change their passwords later today. As a global marketplace, nothing is more important to eBay than the security and trust of our customers. We regret any inconvenience or concern that this situation may cause you. We know our customers and partners have high expectations of us, and we are committed to ensuring a safe and secure online experience for you on any connected device.

 

Click here for updates and additional information.

 

- See more at: http://announcements.ebay.com/2014/05/ebay-inc-to-ask-ebay-users-to-change-passwords/#sthash.V13eaJ1m.dpuf

 

Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted (edited)

That Click here link: Frequently Asked Questions on eBay Password Change - ebayinc.com:

 

What happened?

 

Our company recently discovered a cyberattack that comprised a small number of employee log in credentials, allowing unauthorized access to eBay’s corporate network. As a result, a database containing encrypted password and other non-financial data was compromised. There is no evidence of the compromise affecting accounts for Paypal users, and no evidence of any unauthorized access to personal, financial or credit card information, which is stored separately in encrypted formats. The company is asking all eBay users to change their passwords.

 

What customer information was accessed?

 

The attack resulted in unauthorized access to a database of eBay users that included:

 

Customer name

Encrypted password

Email address

Physical address

Phone number

Date of birth

 

Was my financial information accessed?

 

The file did not contain financial information, and after conducting extensive testing and analysis of our systems, we have no evidence that any customer financial or credit card information was involved. Likewise, the file did not contain social security, taxpayer identification or national identification information.

 

Has the issue been resolved?

 

We believe we have shut down unauthorized access to our site and have put additional measures in place to enhance our security. We have seen no spike in fraudulent activity on the site.

 

BOLD RED emphasis mine.

 

More in the article.

Edited by LilBambi
Link to comment
Share on other sites
Guest LilBambi

Guest LilBambi

Posted
Posted

I think there is some truth to this too:

 

eBay's handling of cyber attack 'slipshod' - The Telegraph:

A British security expert has branded eBay's reaction to a huge cyber attack "slipshod" as emails warning customers that their personal details were stolen have still not been sent out, almost 24 hours after news of the security breach was inadvertently leaked

 

I certainly would have appreciated an email (not with a link it it necessarily) but message within my eBay would have been good.

 

I don't click links in email but I would have gone to eBay announcements link at the bottom of every eBay page.

Link to comment
Share on other sites
ross549

ross549

Posted
Posted

Age verification, I am sure.

 

I was not aware of the data being obtained. ;) Good to know that I need to change my password.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...