eBay Hacked - Be sure to change your p/w

I'm not sure this is related to the eBay hack... From our recent experience PayPal may also be vulnerable.

Two and a half weeks ago we received an email from PayPal advising us that during the night we had purchased a USD$2000 (AUD$2331) used Macbook Pro from an eBay seller in the US. We haven't bought anything on eBay for a very long time so it wasn't a nice thing to wake up realising we'd become victims of fraud.

We immediately reported it to PayPal, eBay, our bank (our credit card is linked to the PayPal account), and the police. All except eBay initiated fraud investigations. eBay confirmed no purchases had been made on our account and said we should get PayPal to look into it first. The purchase had been made from an eBay account that was unknown to us.

It took just over two weeks to obtain a full refund through our credit card provider. In the meantime PayPal had temporarily re-credited our PayPal account during the investigation in USD, but due to currency fluctuations the credit balance was several hundred dollars less in AUD. So pursuing compensation through the bank was the better option.

We have no idea how this scam worked as the MacBook was shipped to our PayPal address in Australia. However, the USPS tracking number on the PayPal email allowed me to follow it and last time I looked somehow it was delivered to a sorting facility in Indonesia. I had tried to email the USPS to advise them they were shipping a fraudulent transaction and to return to sender, but their online system only allows emails from senders with US postal addresses.

We use PayPal to make international purchases so it seems most likely one of those transactions was hacked.

We've changed all our passwords.
 
Hashes, especially if they are salted, are very hard to break. However, given enough computing power, it's possible, especially if it's made of dictionary words.

Passwords are not stored in plain text, so they don't know if it's 'granny123' or 'leica66'. Rather, it's deciphered into a hash, after seasoning with 'salted hash'. This new 'alphanumerical very long digit number' is compared against what they have on file; if it's identical, then you get to log in.
This long character is usually what's stolen.
The hacker can usually take a simpler route, by getting passwords stored as plain text with other more rudimentary websites that you keep a login to, which are usually the same recycled passwords as your other banking, PayPal, email passwords.
Safe practices include not using similar passwords, jumbling them up into non-dictionary words with upper/lower case and a mix of numbers, and changing them often.
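
Added example, not part of the post above or of any site's actual code: a sketch of the salted store-and-compare login flow the post describes, plus a signup-time check for dictionary-based passwords. PBKDF2, the record format, the function names, the iteration count and the sample word list are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumed work factor, not taken from the thread
SAMPLE_WORDS = {"granny", "leica", "password"}  # constructed mini-dictionary

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return the record a site would keep on file instead of the password."""
    salt = os.urandom(16) if salt is None else salt  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    try:
        scheme, iter_s, salt_hex, digest_hex = stored.split("$")
        iterations = int(iter_s)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)

def is_dictionary_based(password: str, words=SAMPLE_WORDS) -> bool:
    """Signup-time check: a dictionary word plus trailing digits is a weak choice."""
    return password.lower().rstrip("0123456789") in words

if __name__ == "__main__":
    a = hash_password("granny123")
    b = hash_password("granny123")
    print(a != b)  # same password, different salts, different records
    print(verify_password("granny123", a), verify_password("leica66", a))
    print(is_dictionary_based("leica66"), is_dictionary_based("T7#qLm!92xZe"))
```

Because each record carries its own random salt, two accounts with the same password do not share a stored value, and the slow key-derivation step raises the cost of every guess against a stolen record.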
 
The news here at home was that the account database was hacked back in Feb/Mar! But news of it hasn't leaked out before now. Evidently payment information should not have been affected.

I have not been in any way notified by eBay of any security issues. I happened to change my password not long ago due to the OpenSSL Heartbleed issue, which may have crossed me off the need-to-know list?
 
Thanks for the tip. Oddly I have not received any notification from eBay. However, upon changing my password I have read a header message saying that since May 21 they urge their users to change their passwords.
 