eBay Hacked - Be sure to change your p/w

kxl

Just announced... Hackers quietly broke into eBay two months ago and stole a database full of user information, the online auction site revealed Wednesday.
 
Very odd. I just logged in and there's no message from eBay about this, although the BBC claims it as a news story.

Still, it never harms to change your passwords. :angel:
 
Is the eBay login service accepting the hash codes they stole? Or can thieves decipher hash codes to passwords? Someone smarter, please say something.
 
Is the eBay login service accepting the hash codes they stole? Or can thieves decipher hash codes to passwords? Someone smarter, please say something.

Not that I'm smarter, but according to online news sources, eBay is reporting that the information that was stolen was encrypted; however, eBay is saying that they have no way of knowing whether or not the thieves can break the encryption.

In any case, an ounce of prevention.....
 
As long as there is neither a CC number nor a valid cell phone number in your eBay account (which is possible if you pay your selling bills at once using PayPal and not with a CC withdrawal through eBay), and if your PayPal account password is of course NOT the same one you use to log in to eBay (who's the fool who would do this?), what could the actual risks be? Very low, I guess.
 
Very hard to believe they wouldn't warn people to change passwords on login.

I suspect they will do it as a roll out, if everyone logs on to the server I suppose it could overload.
The hack was in Feb. to early March (BBC) but they just found out. I think if any malicious use was being made you would have seen it by now. Of course a precautionary change is sensible. They say Paypal is not affected.

http://www.bbc.co.uk/news/technology-27503290
 
Thanks for the tip! I went to my ebay account and it said server was busy--that I did need to change my password, and try again later. Can't use my account until then...
Thanks again!
Paul
 
Or can thieves decipher hash codes to passwords?

Depends on the hash used. If they still use good ol' MD5, I'd be worried. Anything more secure like SHA1 could not be broken by brute force, assuming your password isn't too easy.

For those who do not know about hashes: Passwords are never stored in plain text. They go through a one-way encryption process called a hash. So, whatever is entered into the hash algorithm generates a quasi-unique string of (32 for MD5, 40 for SHA1) characters which can't (without great efforts, time and resources) be decrypted. Thus, if a database is stolen, the data should not be usable...

Gil.
 
Thanks for the tip! I went to my ebay account and it said server was busy--that I did need to change my password, and try again later. Can't use my account until then...
Thanks again!
Paul

My guess is that "the word is out" - via a variety of news sources. I did a p-word change a couple of hours ago upon reading this thread.

Best regards from Austin, TX
 
At eBay, I think it's clear that one should change passwords. And, if you have used that password anywhere else, change it there as well.

My reading of good practice: Use strong passwords. Never reuse a password on any site that matters. Use a password manager program to keep track of all of this. Never enter any password on a public computer (hotel, etc.).

And… In the short term, expect an uptick in phishing attempts using the info from eBay. The baddies might have your eBay id and email, for example, to construct a very real-looking "click here right now" message to you.

Apparently, baddies got your birthday and physical address. Such personal information, useful for identity theft, should be encrypted (it is 2014), but it doesn't sound that way.
 
This has gotten interesting.

I changed my password this morning prior to this thread.

I changed it via a web browser and moved on. Now the various iApps won't accept the new password - pushing the user into password reset mode (with acknowledgement of the breach) and sending you back out to a browser. Upon arrival you get the "due to heavier than anticipated volume ... blah blah blah."
 
More info. This from the NY Times:

In eBay’s case, the company stored users’ names, email and physical addresses and birth dates in plain text but encrypted their passwords.

Passwords appear to have been encrypted properly, with "salts". It's complicated, but this is the right way. (Adobe had it wrong, exposing many passwords in the Oct 2013 breach).

One more: Discovered this very informative site http://haveibeenpwned.com to find out if your info has been exposed in any recent hack. Sign up for notice if it's exposed in future hacks.
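
The difference between the unsalted hashes described earlier in the thread (32 hex characters for MD5, 40 for SHA1) and salted storage, as an added example that is not part of any post here and is not eBay's code. The thread does not say which algorithm eBay used, so PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample accounts are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware

def fast_digest(password: str, algorithm: str = "md5") -> str:
    """Unsalted fast hash: 32 hex chars for MD5, 40 for SHA-1."""
    return hashlib.new(algorithm, password.encode("utf-8")).hexdigest()

def store_password(password: str) -> dict:
    """Salted, deliberately slow record with a random per-user salt."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": derived}

def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  record["salt"], record["iterations"])
    return hmac.compare_digest(derived, record["hash"])

def accounts_sharing_a_hash(table: dict) -> list:
    """Group user names whose stored hash values are identical."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

# Constructed sample accounts; two of them picked the same password.
SAMPLE_USERS = {"alice": "Tr0ub4dor&3", "bob": "Tr0ub4dor&3", "carol": "correct horse"}

def build_tables(users: dict = SAMPLE_USERS):
    """Return the same accounts stored both ways: unsalted MD5 and salted PBKDF2."""
    unsalted = {u: fast_digest(p) for u, p in users.items()}
    salted = {u: store_password(p) for u, p in users.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted MD5, shared hashes:", accounts_sharing_a_hash(unsalted))
    print("salted PBKDF2, shared hashes:",
          accounts_sharing_a_hash({u: r["hash"] for u, r in salted.items()}))
    print("alice logs in:", verify_password("Tr0ub4dor&3", salted["alice"]))
```

With unsalted hashes, anyone holding the table can see which accounts share a password, and one guess checks against every account at once; with per-user salts each record has to be worked on separately.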
 