EBay accounts hacked

stunno

Established Member
Joined
Apr 8, 2007
Messages
950
Reaction score
592
Points
248
Not sure if this is the correct spit for this but it might get better coverage here.
It has just been on the news that eBay are along all users to change their passwords after their system has been hacked.
All users personal details that they hold have been stolen including address, phone number and security question answers. The only info that was encrypted was the password!

This happened in February and has just been admitted to today.
 
Password changed - will be sending a very strongly worded email to them as well - not acceptable.
 
I haven't used ebay for ages and had forgotten both my username and password but it was worth changing everything.
 
How come it's on the news etc and posted here by a concerned member but when I go on Ebay Nothing ! no message or anything. Not even an email......Anyway I was well overdue to change mine, so now all done....
 
How come it's on the news etc and posted here by a concerned member but when I go on Ebay Nothing ! no message or anything. Not even an email......Anyway I was well overdue to change mine, so now all done....

Ditto.

Yes, the BBC News makes a big deal of changing your password, but on the ebay site itself? Nothing.
 
I got the impression that passwords were encrypted and they got everything else, such as the security question that would allow them to change your password. So it's even more important to change your security question than it is to change your password.
 
Changed ebay and Paypal passwords.
 
How come it's on the news etc and posted here by a concerned member but when I go on Ebay Nothing ! no message or anything. Not even an email......Anyway I was well overdue to change mine, so now all done....

ebay never give a crap about its users so nothing new there.

Just done mine, thanks for the nod.
 
I hope Ebay UK start using 2 factor authentication. They have had it on the us site for a bit.
 
One thing has just occurred to me. If you have your account linked to your paypal account, will they also now have that password? Presumably it will have been stored in the same place?
 
One thing has just occurred to me. If you have your account linked to your paypal account, will they also now have that password? Presumably it will have been stored in the same place?


Not sure about that, but may be worth changing it also.

No worries for me haven't used pappal in ages and just got a new bank card so it'll reject ant payments.
 
They've said that Paypal uses a different database that wasn't compromised. Believe them if you want!

What's strange about this announcement is that about 2 or 3 weeks ago I logged on to eBay to list an item. A day later I got an email saying my account had been flagged for suspicious activity and locked. They recommended I change my email account password as they may have used it to reset my eBay credentials. I found it really odd, now I understand it perfectly!
 
Meh, if I changed my password everytime that the news ran a scare story, I'd have lots of different passwords to remember. Oh, hang on...

Seriously though, I'm not changing anything. What's to say that hackers don't just watch for a scramble of users changing passwords that they (the hackers) don't know, and then capturing the new information and passwords for future use?

It'd be much easier to watch a site such as ebay for users swapping their passwords just after such an announcement by the BBC than to watch the site every day for a month, capturing the information from the people that change their passwords off their own back.

It may seem like a conspiracy theory, but completely possible, and fairly likely imo.
 

Attachments

  • head-in-sand.png
    head-in-sand.png
    130.9 KB · Views: 101
I'll change my password if I get an email, haven't received one as of yet. They said the passwords were encrypted, so it would be pretty difficult to decrypt the passwords if they were salted and hashed. What's more concerning is the personal details (unencrypted) they have access to, in the wrong hands that could be used more effectively in fraudulent activities.
 
I'll change my password if I get an email, haven't received one as of yet. They said the passwords were encrypted, so it would be pretty difficult to decrypt the passwords if they were salted and hashed. What's more concerning is the personal details (unencrypted) they have access to, in the wrong hands that could be used more effectively in fraudulent activities.
What's most concerning is what IronGiant said about security questions being stolen, as many sites tend to use the same security questions, this would open you up to other accounts being compromised.

I think the most important thing to do now is to make sure you have a very unique password on your main email address that isn't used anywhere else, & preferably have 2 step verification turned on for that email account. Reason being any other online account that gets compromised, you should still receive an email notifying you if anyone tries to change passwords/or any unexplained orders will still be sent to your email address & alert you to any problems.
If your main email address gets compromised, then it'll be much, much harder for you to resolve or even to detect.
 
It was about time I changed my eBay password anyway. I had it since the very early days of eBay and because of that my old password was only 5 digits.
 
he used a captial 'G' :)
 

The latest video from AVForums

Is 4K Blu-ray Worth It?
Subscribe to our YouTube channel
Back
Top Bottom