eBay hacked, all members' account details stolen!

Page 1 of 2 [ 20 posts ]  Go to page 1, 2  Next

TallyMan
Veteran
Veteran

User avatar

Joined: 30 Mar 2008
Gender: Male
Posts: 40,061

22 May 2014, 6:38 am

Apparently the hack occurred two-three months ago but eBay only discovered the breach a few weeks ago but have tried to hide the hack since. News about the security breach only leaked out yesterday due to a slip by someone on the eBay blog.

I've just been on their site and both changed my password and closed my account. Their response to the breach (hiding it) is appalling behaviour.

Quote:
Online auction site eBay is telling all 233m of its users to change their passwords following a "cyber attack" which compromised a database of account information.

"The database, which was compromised between late February and early March, included eBay customers? name, encrypted password, email address, physical address, phone number and date of birth," said the company.


http://www.telegraph.co.uk/technology/internet-security/10846553/eBay-tells-users-to-change-passwords-after-cyber-attack.html

Quote:
Some eBay customers had managed to change their password, but pointed out that their data would remain in the hands of hackers. Ian Cummings said: ?I can change my eBay password, but I can't change my name, home address, phone number & birthday.?


http://www.telegraph.co.uk/technology/internet-security/10848947/eBay-buckling-under-password-pressure.html


_________________
I've left WP indefinitely.


Toy_Soldier
Veteran
Veteran

User avatar

Joined: 17 Jul 2012
Gender: Male
Posts: 3,370

22 May 2014, 7:09 am

Nothing seems secure online anymore no matter what they say. One after another its like every institution is compromised. I am certainly thinking on how to reverse course and reduce online presence, but in some cases its not even possible. I am surprised there hasn't been more of a public uproar about it.



TallyMan
Veteran
Veteran

User avatar

Joined: 30 Mar 2008
Gender: Male
Posts: 40,061

22 May 2014, 7:14 am

Toy_Soldier wrote:
... I am surprised there hasn't been more of a public uproar about it.


It has only just been made public, but there is likely to be a huge uproar about it.

Quote:
Why did eBay take THREE MONTHS to reveal cyber attack? Website blasted for 'inexcusable' delay after customers details were hacked as long ago as February


http://www.dailymail.co.uk/sciencetech/article-2635053/Use-eBay-Then-change-password-NOW-Site-requests-users-change-personal-details-dont-explain-why.html


_________________
I've left WP indefinitely.


BirdInFlight
Veteran
Veteran

User avatar

Joined: 8 Jun 2013
Age: 64
Gender: Female
Posts: 4,501
Location: If not here, then where?

22 May 2014, 10:51 am

Holy crap. I had no idea. I've been a member of 100% good standing there for ten years -- I'd hate to have close my account and start over.

Pretty angry at ebay for not even notifying us. They could have sent out mass emails but I've heard this for the first time here. Changing my password now.



KingdomOfRats
Veteran
Veteran

User avatar

Joined: 31 Oct 2005
Age: 42
Gender: Female
Posts: 4,833
Location: f'ton,manchester UK

22 May 2014, 10:56 am

BirdInFlight wrote:
Holy crap. I had no idea. I've been a member of 100% good standing there for ten years -- I'd hate to have close my account and start over.

Pretty angry at ebay for not even notifying us. They could have sent out mass emails but I've heard this for the first time here. Changing my password now.

it was all over the news last night [uk time].


_________________
>severely autistic.
>>the residential autist; http://theresidentialautist.blogspot.co.uk
blogging from the view of an ex institutionalised autism/ID activist now in community care.
>>>help to keep bullying off our community,report it!


BirdInFlight
Veteran
Veteran

User avatar

Joined: 8 Jun 2013
Age: 64
Gender: Female
Posts: 4,501
Location: If not here, then where?

22 May 2014, 11:12 am

Didn't see any TV last night; literally only knew about this from here -- that's scary. 8O



TallyMan
Veteran
Veteran

User avatar

Joined: 30 Mar 2008
Gender: Male
Posts: 40,061

22 May 2014, 11:52 am

More:

Quote:
Graham Cluley, independent security expert, said: ?Obviously they?ve got hold of names, addresses and dates of birth. All of this can be used to commit identity fraud.

?If they have your password, and you have the same password for other websites, hackers could access your email, your Amazon account and who knows what else.?

And internet security expert Paul Martini said: ?eBay users must act and follow the advice to change their passwords. But the damage could have already been done, as the time lag is months between the cyber breach and the discovery of the breach.


and

Quote:
The exposure of encrypted passwords is bad news because it's now easy to create convincing phishing emails urging people to change their eBay passwords ? although said scam emails will instead take victims to a site masquerading as eBay.com to swipe their details.


http://www.theregister.co.uk/2014/05/21/ebay_breach/

So if you get any emails purporting to be from eBay, they may or may not be from eBay. You can't rely on the fact the email refers to you by your full name or maybe includes your address or date of birth - the fraudsters already have that information now! Don't click on any links in such emails, they may take you to a bogus copy of the eBay site where they will try to steal your new password or more personal information such as credit card / bank details.

eBay has screwed up big time with this.


_________________
I've left WP indefinitely.


Toy_Soldier
Veteran
Veteran

User avatar

Joined: 17 Jul 2012
Gender: Male
Posts: 3,370

22 May 2014, 12:13 pm

You know they kept quiet about it so as not to loose business/money, and that really is a crappy way to treat their customers. Ebay wasn't one of the sites highlighted as being compromised by the Heartbleed vunerability, so I guess this was something different ?

Whomever made the decision to keep it quiet should be identified and lose their job(s).



equestriatola
Veteran
Veteran

User avatar

Joined: 13 Aug 2012
Gender: Male
Posts: 154,169
Location: Wherever my mind wants it to be

22 May 2014, 12:18 pm

First Target, now this? *sigh*


_________________
Hey, all. I'm just Johnny. Go ahead and talk to me if ya wish.


TallyMan
Veteran
Veteran

User avatar

Joined: 30 Mar 2008
Gender: Male
Posts: 40,061

22 May 2014, 12:24 pm

Toy_Soldier wrote:
You know they kept quiet about it so as not to loose business/money, and that really is a crappy way to treat their customers. Ebay wasn't one of the sites highlighted as being compromised by the Heartbleed vunerability, so I guess this was something different ?

Whomever made the decision to keep it quiet should be identified and lose their job(s).


Apparently hackers got hold of several eBay employees passwords and from there got into the eBay network. How they got those passwords isn't clear yet, but some sort of phishing / tricking of those employees is suspected. I wonder if it was the old "Hello, this is the IT department, were updating the system, can you confirm your username and password please?" :roll:


_________________
I've left WP indefinitely.


KB8CWB
Veteran
Veteran

User avatar

Joined: 27 Feb 2014
Age: 65
Gender: Male
Posts: 637
Location: West Salem, Ohio

22 May 2014, 1:07 pm

This is certainly news I DIDN'T need to see. I have been on evilbay for over 15 years now. Now that I am disabled but denied by government, it is my ONLY source of income (it isn't much). Now what the heck do I do? I REALLY didn't need this right now.... :wall:



TallyMan
Veteran
Veteran

User avatar

Joined: 30 Mar 2008
Gender: Male
Posts: 40,061

22 May 2014, 1:16 pm

KB8CWB wrote:
This is certainly news I DIDN'T need to see. I have been on evilbay for over 15 years now. Now that I am disabled but denied by government, it is my ONLY source of income (it isn't much). Now what the heck do I do? I REALLY didn't need this right now.... :wall:


Change your password immediately. If possible change your email address too, that way if you subsequently get any phishing emails to your existing account claiming to be from eBay you know they will be fraudulent. Regarding the risk of identity theft all you can do is the same as the rest of us... be vigilant and keep a close eye on your bank account / card transactions.


_________________
I've left WP indefinitely.


KB8CWB
Veteran
Veteran

User avatar

Joined: 27 Feb 2014
Age: 65
Gender: Male
Posts: 637
Location: West Salem, Ohio

22 May 2014, 1:31 pm

TallyMan wrote:
KB8CWB wrote:
This is certainly news I DIDN'T need to see. I have been on evilbay for over 15 years now. Now that I am disabled but denied by government, it is my ONLY source of income (it isn't much). Now what the heck do I do? I REALLY didn't need this right now.... :wall:


Change your password immediately. If possible change your email address too, that way if you subsequently get any phishing emails to your existing account claiming to be from eBay you know they will be fraudulent. Regarding the risk of identity theft all you can do is the same as the rest of us... be vigilant and keep a close eye on your bank account / card transactions.


Just changed my password. It is nearly impossible for me to change my email account. It is my primary and is tied to my android phone, etc. It would be a total bloody mess to go thru and try and change all of that. Thankfully unless emails are from someone I know, they get sent to the bitbucket in the sky. Thanks for the heads up on this! Ebay never even notified me. :thumbdown:



BirdInFlight
Veteran
Veteran

User avatar

Joined: 8 Jun 2013
Age: 64
Gender: Female
Posts: 4,501
Location: If not here, then where?

22 May 2014, 2:58 pm

Yep I want to say thank you to Tallyman also.

It was the first I heard of it. I actually take huge breaks from even watching the news because it increases my anxiety, surprise, surprise, but of course the downside is I have no clue if something like this is happening....

BUT.....ebay should have sent all members warning. Months ago. NO excuse for that failure.



TallyMan
Veteran
Veteran

User avatar

Joined: 30 Mar 2008
Gender: Male
Posts: 40,061

22 May 2014, 4:42 pm

Quote:
EBay Users Still at Risk After Cyberattack, Even If They Change Passwords


Another article here:

http://mashable.com/2014/05/22/ebay-users-at-risk-after-cyberattack-change-passwords/


_________________
I've left WP indefinitely.


khaoz
Veteran
Veteran

User avatar

Joined: 9 Apr 2013
Age: 69
Gender: Male
Posts: 2,940

22 May 2014, 5:25 pm

I have never even been on eBay site.