biggs682
Itching to get back on my bike's
- Location
- Northamptonshire
ours is done
Ebay has been hacked - change your password now!
- Thread starter Ganymede
- Start date
Page may contain affiliate links. Please see terms for details.
smokeysmoo
Legendary Member
- Location
- Bolton, not very far from Nob End
I had to update my PayPal one a few weeks ago after some shenanigans, and they now insist your password is not only a minimum length, but that it's made up of lower case, upper case, numeric and symbols, bit of a pain but clearly more secure than previously.
But absence if evidence is not evidence of absence, and if it's taken them since February even to notice they've been hacked, I really wouldn't trust them to investigate it competently
jefmcg
Guru
btw, how are they "urging"? I've haven't had an email, and when I logged in there was no message advising me to do this.
if you look at 'Announcements' After you login
you should see this message" ***eBay Inc. To Ask eBay Users To Change Passwords***
21 May, 2014 | 05:42PM BST
Hello,
Earlier today eBay Inc. announced it is aware of unauthorised access to eBay systems that may have exposed some customer information. There is no evidence that financial data was compromised and there is no evidence that PayPal or our customers have been affected by the unauthorised access to eBay systems. We are working with law enforcement and leading security experts to aggressively investigate the matter.
As a precaution, we will be asking all eBay users (both buyers and sellers) to change their passwords later today. As a global marketplace, nothing is more important to eBay than the security and trust of our customers. We regret any inconvenience or concern that this situation may cause you. We know our customers and partners have high expectations of us, and we are committed to ensuring a safe and secure online experience for you on any connected device.
Click here for updates and additional information.
Regards
The eBay-Team"
The further information is available here http://www.ebayinc.com/in_the_news/story/faq-ebay-password-change
Fnaar
Smutmaster General
- Location
- Thumberland
Changed mine 
Not that I've used it for the last 3 yrs, but there you go.
I always use s different one for each site (though some are variations on a theme).
So they'll never get "theydontlikeitupem24"
Not that I've used it for the last 3 yrs, but there you go.I always use s different one for each site (though some are variations on a theme).
So they'll never get "theydontlikeitupem24"
jefmcg
Guru
if you look at 'Announcements' After you login
OP
OP
Ganymede
Veteran
- Location
- Rural Kent
Action and criticism from US authorities: 3 states are making enquiries into ebay's lack of info to customers and requesting free credit checks for anyone affected: http://www.theguardian.com/technology/2014/may/22/states-investigate-ebay-response-cyber-attack
Probably fake ebay database is on sale online (though not on ebay, chuckle): http://www.theguardian.com/technolo...database-on-sale-for-145-bitcoin-is-authentic
Much disaffection amongst users who are now wondering where all those high fees and cuts from postage actually go, since the organisation is neither conferring with their customers nor making improvements to service...
My main beef is that you only find out when you log in, which I haven't done for some time, and then only if you click on your message tab. If you've missed the press reports and haven't been on ebay for a few months - and a lot of users don't log on frequently - you're ignorant of the whole affair.
Probably fake ebay database is on sale online (though not on ebay, chuckle): http://www.theguardian.com/technolo...database-on-sale-for-145-bitcoin-is-authentic
Much disaffection amongst users who are now wondering where all those high fees and cuts from postage actually go, since the organisation is neither conferring with their customers nor making improvements to service...
My main beef is that you only find out when you log in, which I haven't done for some time, and then only if you click on your message tab. If you've missed the press reports and haven't been on ebay for a few months - and a lot of users don't log on frequently - you're ignorant of the whole affair.
Octet
Veteran
And that is what I can never understand, web development 101 is you salt and hash passwords when storing them in a database.... never encrypt!
(For those who don't know, salting is where you add a random sequence of characters to the original password (since you can never trust a user to come up with something secure, it prevents dictionary attacks) and hashing is changing the password into a secure string of characters. It cannot be reversed, which means the only way to recover it is to know exactly what was typed originally and then to compare the two. It works because no two characters or strings shall ever produce the same hash (in theory))
raleighnut
Legendary Member
- Location
- One of the 'Elite'
Hitch hikers?
jefmcg
Guru
Yup.
BTW, they now have a large "change your password" message, which should have appeared in March, or when they first announced this.
mr_cellophane
Legendary Member
- Location
- Essex
All nonsense. The passwords were encrypted so the hackers will have to do a lot of work to crack them. Unfortunately not so much publicity about all the names, addresses and dates of birth that were accessed and not encrypted. Now I need to move and change my name to prevent identity thieft !
jefmcg
Guru
I've just looked at my personal settings, and I can't see date of birth in there. Date of birth is something I never give websites. Is there anyway to confirm if ebay have my date of birth?
(I assume they won't try to decrypt them, but to try passwords from a word list. If they have 200+ million passwords, they will get more than a few hits)
(I assume they won't try to decrypt them, but to try passwords from a word list. If they have 200+ million passwords, they will get more than a few hits)
