+ Post New Thread
Page 1 of 4 1234 LastLast
Results 1 to 15 of 48
IT News Thread, eBay hacked! in Other News; ...
  1. #1


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,127
    Thank Post
    232
    Thanked 2,734 Times in 2,015 Posts
    Rep Power
    799

    eBay hacked!

    You may want to change your password.

    Source: Business Wire

    eBay Inc. said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

    Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.

    Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.

    The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today.

    The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.

    Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts.

  2. Thanks to Arthur from:

    Griff (21st May 2014)

  3. #2

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,029
    Thank Post
    887
    Thanked 1,473 Times in 1,010 Posts
    Blog Entries
    47
    Rep Power
    646
    "However, the database did not contain financial information or other confidential personal information."

    No, only my full name, date of birth and full home address. There's nothing can be done with that

    Another appropriate time to point out how marvellous https://lastpass.com/ is.

  4. Thanks to sonofsanta from:

    Griff (21st May 2014)

  5. #3
    Abaddon's Avatar
    Join Date
    Mar 2006
    Location
    Middlesex
    Posts
    602
    Thank Post
    72
    Thanked 68 Times in 63 Posts
    Rep Power
    60
    Wonderful.. bit embarrassing for them then.

  6. #4

    rush_tech's Avatar
    Join Date
    Jul 2006
    Location
    Nottingham
    Posts
    1,412
    Thank Post
    111
    Thanked 265 Times in 201 Posts
    Rep Power
    194
    Just changed mine! another lastpass user here very useful

  7. #5
    Griff's Avatar
    Join Date
    Feb 2009
    Location
    Bedfordshire
    Posts
    519
    Thank Post
    204
    Thanked 95 Times in 77 Posts
    Rep Power
    38
    Lastpass never heard of it...just watched the video...I want to be like bob.

  8. #6


    Join Date
    Jan 2012
    Posts
    2,878
    Thank Post
    1,063
    Thanked 424 Times in 313 Posts
    Rep Power
    225
    I use Keepass.. Same sort of program, I assume. I'll be changing mine when I get home. The 'Auto-type' function is awesome. I don't even need to know what my passwords are.
    Also has the advantage of meaning I can't get on eBay/etc and buy stuff when I'm not on my home PC, which is nice. Not that I actually have a problem with that.
    Last edited by Garacesh; 21st May 2014 at 03:07 PM.

  9. #7

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,029
    Thank Post
    887
    Thanked 1,473 Times in 1,010 Posts
    Blog Entries
    47
    Rep Power
    646
    Quote Originally Posted by Garacesh View Post
    I use Keepass.. Same sort of program, I assume. I'll be changing mine when I get home. The 'Auto-type' function is awesome. I don't even need to know what my passwords are.
    Also has the advantage of meaning I can't get on eBay/etc and buy stuff when I'm not on my home PC, which is nice. Not that I actually have a problem with that.
    We use KeePass at work, also marvellous. Works a bit better for the multiple-users-in-one-location scenario though (e.g. us lot in the office), where LastPass is a better fit for one-user-in-multiple-locations.

  10. #8


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,656
    Thank Post
    276
    Thanked 780 Times in 607 Posts
    Rep Power
    224
    They didn't say when they discovered the breach.

    Does anyone know is this is "we've just noticed and are telling you now" or "we sat on the information for nearly two months and then decided to tell you"?

  11. #9
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    West Yorkshire
    Posts
    821
    Thank Post
    90
    Thanked 183 Times in 149 Posts
    Rep Power
    66
    Agreed, password managers are the way to go these days. I'm a heavy Lastpass user with 2FA built in. $12 a year is nothing.

  12. #10
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    West Yorkshire
    Posts
    821
    Thank Post
    90
    Thanked 183 Times in 149 Posts
    Rep Power
    66
    Quote Originally Posted by pete View Post
    They didn't say when they discovered the breach.

    Does anyone know is this is "we've just noticed and are telling you now" or "we sat on the information for nearly two months and then decided to tell you"?
    There was a leak of this news story this morning... Paypal put up an announcement that ebay were asking users to change passwords before ebay did. Lots of speculation at that point.

    Data leaked late Feb early March...

    eBay Inc. To Ask eBay Users To Change Passwords | ebay inc

  13. #11


    Join Date
    Jan 2012
    Posts
    2,878
    Thank Post
    1,063
    Thanked 424 Times in 313 Posts
    Rep Power
    225
    Quote Originally Posted by sonofsanta View Post
    We use KeePass at work, also marvellous. Works a bit better for the multiple-users-in-one-location scenario though (e.g. us lot in the office), where LastPass is a better fit for one-user-in-multiple-locations.
    How does LastPass benefit more from one-user-in-different-locations? Portable encrypted database, I'd assume?

    I just have Keepass on my machine at home. Google is synched to my phone, as it's an Android, and most of the other sites I use aren't really work sites anyway.. Reddit, Facebook, eBay, PayPal, etc. I've pretty much changed up everything since the HeartBleed bug, even sites that purportedly weren't affected.
    Last edited by Garacesh; 21st May 2014 at 03:35 PM.

  14. #12

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,029
    Thank Post
    887
    Thanked 1,473 Times in 1,010 Posts
    Blog Entries
    47
    Rep Power
    646
    Quote Originally Posted by pete View Post
    They didn't say when they discovered the breach.

    Does anyone know is this is "we've just noticed and are telling you now" or "we sat on the information for nearly two months and then decided to tell you"?
    "The database, which was compromised between late February and early March..."

    "The company said that the compromised employee log-in credentials were first detected about two weeks ago."

    So they've sat on it for a fortnight, with it going unnoticed for two months before that.

    As the BBC News story mentions, the real danger is that the personal information that was compromised can be used on password reset forms elsewhere. Luckily my eBay username is different from every other site - only because my usual choice was already taken when I signed up back in the day.

  15. Thanks to sonofsanta from:

    pete (21st May 2014)

  16. #13


    Join Date
    Jan 2012
    Posts
    2,878
    Thank Post
    1,063
    Thanked 424 Times in 313 Posts
    Rep Power
    225
    Quote Originally Posted by sonofsanta View Post
    Luckily my eBay username is different from every other site - only because my usual choice was already taken when I signed up back in the day.
    I pretty much use the same username everywhere. Except eBay and Steam. Then again, most of my accounts are videogame accounts, so most of the time my account 'name' is my e-mail address.

    eBay and Steam names are different, for intentional reasons :P

  17. #14


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,656
    Thank Post
    276
    Thanked 780 Times in 607 Posts
    Rep Power
    224
    Dammit, I read the BBC article (which didn't mention the when), rather than RTFA linked from BusinessWire.

  18. #15

    sonofsanta's Avatar
    Join Date
    Dec 2009
    Location
    Lincolnshire, UK
    Posts
    5,029
    Thank Post
    887
    Thanked 1,473 Times in 1,010 Posts
    Blog Entries
    47
    Rep Power
    646
    Quote Originally Posted by Garacesh View Post
    How does LastPass benefit more from one-user-in-different-locations? Portable encrypted database, I'd assume?

    I just have Keepass on my machine at home. Google is synched to my phone, as it's an Android, and most of the other sites I use aren't really work sites anyway.. Reddit, Facebook, eBay, PayPal, etc. I've pretty much changed up everything since the HeartBleed bug, even sites that purportedly weren't affected.
    LastPass is a website with browser extension - so I have the extension installed on my Firefox at work and at home (also available on Chrome), and can have it on my phone for $12 a year if I wish. If I'm somewhere without the extension, I can log into the website and get at my passwords - bit clunky, but works. There's various levels of security set up to protect the data, including local-only encryption. I've got mine set up with 2FA using Google Authenticator as well.

    HeartBleed: LastPass updated overnight to tell you not only which websites had been compromised, but also which ones hadn't updated yet, and therefore weren't worth changing your password on yet.

SHARE:
+ Post New Thread
Page 1 of 4 1234 LastLast

Similar Threads

  1. Website hacked...
    By _Bat_ in forum Web Development
    Replies: 8
    Last Post: 27th July 2007, 09:17 AM
  2. The BBC showing off WiFi Hacking
    By Ric_ in forum Jokes/Interweb Things
    Replies: 24
    Last Post: 27th October 2006, 11:33 AM
  3. Are we being hacked?
    By Paul_L in forum General Chat
    Replies: 2
    Last Post: 13th September 2006, 08:31 AM
  4. Replies: 34
    Last Post: 9th May 2006, 12:56 PM
  5. Video demonstrating hacking WEP in 10mins
    By Geoff in forum Wireless Networks
    Replies: 11
    Last Post: 3rd February 2006, 06:40 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •