Hi all. Seems like a good idea to change our passwords, since multiple sources are reporting this morning that eBay has confirmed a cyber attack and will be requesting users to change passwords.

From here: http://www.marketwatch.com/story/ebay-asks-users-to-change-passwords-after-cyberattack-2014-05-21

EBay asks users to change passwords after cyberattack

NEW YORK (MarketWatch) -- EBay Inc. EBAY -1.85% said Wednesday it will ask its users to change passwords after a cyberattack that compromised a database containing encrypted passwords. The online auctioneer said it has no evidence that the attack led to unauthorized access to financial or credit-card information but is working with law-enforcement and security experts. "Changing passwords is a best practice and will help enhance security for eBay users," the company said in a statement. Shares were down 1.4% in premarket trade.

Here's another article about it from CNET.  

 

http://www.cnet.com/news/ebay-hacked-requests-all-users-change-passwords/

 

Not very reassuring that it happened in February or March and they just realized it a few weeks ago.

Sigh....another trip to the random password generator...

Also not very assuring, that eBay customer service didn't know anything about it (just called - because of something else, but also asked about this).

Wow, that's not good. So it wasn't just passwords. From the official eBay blog post (https://blog.ebay.com/ebay-inc-ask-ebay-users-change-passwords/), data stolen included:

customers

<scare>And in a few weeks Lego will cross-reference their new data from eBay with their own, and find all those who sold Lego recently and are in their VIP program.</scare>

<scare>And in a few weeks Lego will cross-reference their new data from eBay with their own, and find all those who sold Lego recently and are in their VIP program.</scare>

Damn, LEGO was behind the heart bleed bug all along? All the conspiracy theorists were right! 

Damn, LEGO was behind the heart bleed bug all along? All the conspiracy theorists were right! 

Which is why tin foil hats are much safer investment

Which is why tin foil hats are much safer investment

 

Amazon only has 78 tin-foil hats left in stock.

Amazon only has 78 tin-foil hats left in stock.

Oh man.  I'm on my way to price match at target.

Amazon only has 78 tin-foil hats left in stock.

Poofed them. But now I cannot sell them on eBay because of all these cheap chinese fakes: http://www.ebay.com/itm/Plastic-Tin-Man-Hat-/291142865030?pt=US_Costumes&hash=item43c9779086

This one still available at Amazon. Not sure if it provides good coverage though

I'm shocked that eBay took months to make this public.  I change my eBay and PayPal passwords weekly anyway.  If eBay lose a lot of money over this, the fees will have to go up yet again!

I'm shocked that eBay took months to make this public. I change my eBay and PayPal passwords weekly anyway. If eBay lose a lot of money over this, the fees will have to go up yet again!

Every week?! You're already far, far ahead than the vast majority there.

It's quite normal for organizations to not know for several weeks to months, or even at all, when something like this happens. Once they have some indication, the forensic analysis can take a while too.

Good to know later than to not know at all, of course.

But my password of 1 2 3 4 5 is also on my luggage.

 

There was also that HeartBleed breach a while back relating to SIN numbers. The internet can be a scary place! 

I think ebay should let us list fixed price for free again as an apology for their security fail

I think ebay should let us list fixed price for free again as an apology for their security fail

Seems like after they changed there fee they got attacked

Its useless to change passwords.... the breach (if sources are right) happened in March!!!! 

 

Pfishing mails are the ones to worry sicne they get your emails....

Its useless to change passwords.... the breach (if sources are right) happened in March!!!!

 

What this guy said. Except the exact opposite.

What this guy said. Except the exact opposite.

 

Look the breach happened months ago.... do you think the guys who did it would wait so long to use your password?

 

Not really.....

 

But using your mail to get you to click on fake links to get you to send money the wrong way is the point here....

 

Everything else is ''too much'' work for those pro hackers....

It makes me wonder if this breach will reduce traffic to eBay in the short term.  Even though Target's breach seemed to be more significant, they suffered for sure because of it.  Also, Target used sales and deals to bring customers back - what can eBay do if customers are leary?

So I changed my password this morning and now they are requiring me to do it again. Apparently everyone has to now and the site is locked up. A million people trying to change their passwords at the same time. The people at eBay are geniuses. What a cluster you know what.

Sent from my iPad using Brickpicker

Won't even let me change my password. I've one item sold and I can't login to process that item.

Bah!