Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

eBay Hacked, Urges All Members to Change Passwords Immediately
Yahoo ^ | May 21, 2014 | Jason O. Gilbert

Posted on 05/21/2014 4:43:38 PM PDT by kingattax

The online auction and sales giant eBay posted a message Wednesday morning saying that it had been hacked, urging all of its members to change their passwords.

The company said in a statement that a database containing encrypted passwords had been breached, but that financial data, including credit card information, was stored separately and was still safe. Hackers were able to gain access to eBay employee log-ins, eBay said, which in turn gave them access to the encoded passwords.

eBay says that no unauthorized transactions have yet been made with the information. But if you’re an eBay user, you still definitely need a new password.

“[C]hanging passwords is a best practice,” the statement said, “and will help enhance security for eBay users.”

(Excerpt) Read more at yahoo.com ...


TOPICS: News/Current Events
KEYWORDS: cybersecurity; ebay; ecommerce

1 posted on 05/21/2014 4:43:38 PM PDT by kingattax
[ Post Reply | Private Reply | View Replies]

To: kingattax

I just changed my password about an hour ago.


2 posted on 05/21/2014 4:44:53 PM PDT by Extremely Extreme Extremist (100% pure organic, free-range conservative)
[ Post Reply | Private Reply | To 1 | View Replies]

To: kingattax

changed mine, too.


3 posted on 05/21/2014 4:50:30 PM PDT by gaijin
[ Post Reply | Private Reply | To 1 | View Replies]

To: gaijin

yep.


4 posted on 05/21/2014 4:56:37 PM PDT by IllumiNaughtyByNature ($1.84 - The price of a gallon of gas on Jan. 20th, 2009.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: kingattax

Why don’t I see anything about this on their site?


5 posted on 05/21/2014 4:57:16 PM PDT by luckymom (The Son of God became a man that men might become sons of God. -C.S. Lewis)
[ Post Reply | Private Reply | To 1 | View Replies]

To: kingattax

my password is up for bid sale on ebay.


6 posted on 05/21/2014 5:16:17 PM PDT by bunkerhill7 ("The Second Amendment has no limits on firepower"-NY State Senator Kathleen A. Marchione.")
[ Post Reply | Private Reply | To 1 | View Replies]

To: bunkerhill7

“my password is up for bid sale on ebay.”

Various politicians have their votes on bid there too.


7 posted on 05/21/2014 5:18:47 PM PDT by Fai Mao (Genius at Large)
[ Post Reply | Private Reply | To 6 | View Replies]

To: kingattax

thanks for the headsup


8 posted on 05/21/2014 5:39:10 PM PDT by captmar-vell
[ Post Reply | Private Reply | To 1 | View Replies]

To: kingattax

What is to pervent Ebay from being hacked again and the new pass words stolen? I am going to wait a little bit before changing my password.


9 posted on 05/21/2014 5:49:44 PM PDT by Parley Baer
[ Post Reply | Private Reply | To 1 | View Replies]

To: kingattax
I don't see this when I go to Ebay and haven't received a message from them so it sounds to me like someone is trolling to get the unwary to go to a philsing site thinking they're changing their password when in fact their password is being captured.

Otherwise Ebay would have an alert out right when you sign in which they don't.

10 posted on 05/21/2014 6:02:30 PM PDT by Rashputin (Jesus Christ doesn't evacuate His troops, He leads them to victory.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: kingattax

Having the database might or might not mean instant capability of using filched passwords. The closer your password is to a dictionary entry, the easier a cyberthief could crack it, however.


11 posted on 05/21/2014 6:04:38 PM PDT by HiTech RedNeck (Embrace the Lion of Judah and He will roar for you and teach you to roar too. See my page.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Rashputin

It is legit.


12 posted on 05/21/2014 6:06:40 PM PDT by steve86 ( Acerbic by nature, not nurture)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Rashputin

I checked my Ebay account and same thing... no warning. And yet it is on a major site, Yahoo. This is not on Fred’s Fabulous Blog.


13 posted on 05/21/2014 6:07:08 PM PDT by HiTech RedNeck (Embrace the Lion of Judah and He will roar for you and teach you to roar too. See my page.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Rashputin

If it’s fake news, they’ve done a great job.
It’s on all major internet portals.
Do a search of “ebay hacked”

http://www.cnet.com/news/ebay-hacked-requests-all-users-change-passwords/

http://www.cnbc.com/id/101692205

http://www.forbes.com/sites/jameslyne/2014/05/21/ebay-hacked-bleeds-data-why-you-need-to-act/


14 posted on 05/21/2014 6:07:40 PM PDT by nascarnation (Toxic Baraq Syndrome: hopefully infecting a Dem candidate near you)
[ Post Reply | Private Reply | To 10 | View Replies]

BTW, don’t link your Paypal account to your eBay account.


15 posted on 05/21/2014 6:08:44 PM PDT by steve86 ( Acerbic by nature, not nurture)
[ Post Reply | Private Reply | To 12 | View Replies]

To: HiTech RedNeck
MSN has it as well but I'm still leary. When Ebay says to do so I'll be sure it's the real deal. Until then, it seems as much a risk to go change it as to let it sit and disconnect Paypal from your Ebay account until the facts are in.

JMHO

16 posted on 05/21/2014 6:11:19 PM PDT by Rashputin (Jesus Christ doesn't evacuate His troops, He leads them to victory.)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Rashputin

http://announcements.ebay.com/2014/05/ebay-inc-to-ask-ebay-users-to-change-passwords/


17 posted on 05/21/2014 6:13:54 PM PDT by nascarnation (Toxic Baraq Syndrome: hopefully infecting a Dem candidate near you)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Rashputin

It is definitely on Ebay as an announcement. Further if you are typing in Ebay.com it is not a risk to change your password.


18 posted on 05/21/2014 6:37:35 PM PDT by Durus (You can avoid reality, but you cannot avoid the consequences of avoiding reality. Ayn Rand)
[ Post Reply | Private Reply | To 16 | View Replies]

To: kingattax

Just changed my password to the one I use for all my banks, credit cards, and Free Republic. If you see any suspicious posts using my account, this is OK. Send $15 to my Paypal account attention communists@money.hk.cn to unlock special features on your browser.


19 posted on 05/21/2014 7:03:00 PM PDT by Up Yours Marxists
[ Post Reply | Private Reply | To 1 | View Replies]

To: Durus
"Further if you are typing in Ebay.com it is not a risk to change your password."

While that may be true in this case that's sure not always the case. Target and Citibank as well as others were hit with a capture method that read what you typed on their real .com address in spite of HTTPS. Macht nichts, as they say, no guarantees either way.

20 posted on 05/21/2014 7:12:05 PM PDT by Rashputin (Jesus Christ doesn't evacuate His troops, He leads them to victory.)
[ Post Reply | Private Reply | To 18 | View Replies]

To: kingattax

Gee, you’d think Ebay could email us or contact us members
directly about a security breach? It’s not like they have no
way to find us....Right?

This supposed breach of security allededly happened
months ago. I call B.S. on this.


21 posted on 05/21/2014 7:15:56 PM PDT by Minutemen ("It's a Religion of Peace")
[ Post Reply | Private Reply | To 1 | View Replies]

To: Rashputin

I’ve never read that Citi was hacked. Target wasn’t hacked as much as an admin password was “found”, regardless they read passwords directly from databases, not through users password field entry.


22 posted on 05/21/2014 7:54:40 PM PDT by Durus (You can avoid reality, but you cannot avoid the consequences of avoiding reality. Ayn Rand)
[ Post Reply | Private Reply | To 20 | View Replies]

To: HiTech RedNeck

I went to my ebay account and had a “message” ... there were two notices; one that we’re going to ask customers to change PW; the next, we are asking. Says they think the hacking was done in Feb/Mar. I changed my ebay PW early May, so may just stick with what I’ve got.


23 posted on 05/21/2014 8:15:04 PM PDT by EDINVA
[ Post Reply | Private Reply | To 13 | View Replies]

To: kingattax

Could not change mine, forgot it.


24 posted on 05/21/2014 8:20:06 PM PDT by TruthWillWin (The problem with socialism is that you eventually run out of other peoples money.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Durus
Three companies, Citibank being one of them, had their DB hacked due to someone starting with a program that captured input from both users and administrators who were logging in over the web (which I would have thought wouldn't be permitted or would be more secure than HTTPS for admins, so go figure, maybe he didn't want to give details).

People with privilege logging in remotely having their passwords captured was the root of the problem.

My daughter is finishing up her Masters in Computer Forensics and Security and got all this from a lecture she attended recently, beyond that I don't recall the specifics. I'll take her word as being correct, you take my word as being BS, we'll both be happy.

25 posted on 05/21/2014 8:39:23 PM PDT by Rashputin (Jesus Christ doesn't evacuate His troops, He leads them to victory.)
[ Post Reply | Private Reply | To 22 | View Replies]

To: Up Yours Marxists

I put 15 bucks in the mail with attn: Up Yours Marxists written on each 5 dollar bill. I’m sure it will get to you soon.


26 posted on 05/21/2014 8:51:04 PM PDT by Redcitizen (When a zombie apocalypse starts, Chuck Norris doesn't try to survive. The zombies do.)
[ Post Reply | Private Reply | To 19 | View Replies]

To: TruthWillWin
Could not change mine, forgot it

Don't you hate when that happens? There are times when I tried for weeks to remember a password, trying every variation of a common set of characters and phrases I use. For eBay, I haven't changed my password for a dozen years now. Guess it's time, as long as I record it in a safe place (which I will misplace).

27 posted on 05/21/2014 9:21:44 PM PDT by roadcat
[ Post Reply | Private Reply | To 24 | View Replies]

To: EDINVA
They "think" it was done a few months ago? Talk about shutting the barn door after the horse is out.

They're also taking their time sending that message out, too, although I guess they batch them out or something. I change my passwords every month or so anyway and my current one is less than a month old.

Once we shoot 90% of the lawyers and impose real costs and penalties on those who file fraudulent damage claims some company will be honest enough to just say, "we had our security improperly configured last Tuesday so everyone should probably change their password just in case we were hacked last Tuesday".

Until then, I guess they play CYA with a "we think we were hacked a few months back" message.

28 posted on 05/22/2014 12:45:46 AM PDT by Rashputin (Jesus Christ doesn't evacuate His troops, He leads them to victory.)
[ Post Reply | Private Reply | To 23 | View Replies]

Prolly best to request a new temporary password right away by selecting “Forgot Password” during the login process.


29 posted on 05/22/2014 12:59:46 AM PDT by Gene Eric (Don't be a statist!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: kingattax

Thanks for the heads up! Changing mine right now.


30 posted on 05/22/2014 2:02:53 AM PDT by Hetty_Fauxvert (FUBO, and the useful idiots you rode in on!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Hetty_Fauxvert

I’ve tried to change my password for an hour. You have to receive a notice in your email in order to complete the reset. Mine has not come. They have my email address blocked out for the most part in their message, but the last part of it is wrong. I wonder if it was sent somewhere else, or that is part of the hacking scheme.

Anybody else having this problem. Or what else can I do?


31 posted on 05/22/2014 2:31:14 AM PDT by lulu16 (May the Good Lord take a liking to you!)
[ Post Reply | Private Reply | To 30 | View Replies]

To: lulu16

When I went to the site to change my password (and I did see a notice at the site that I should change my password, though I never got one in my email — thanks, eBay!), I was not able to change it on my first attempt. A notice popped up that if I needed help with my password changing, to contact Customer Service. I imagine if you toodle around on the site for a while (be sure to check the very bottom of pages, since that’s where they put the stuff they don’t want you to see) you can find Customer Service and get them to help you. Luck!


32 posted on 05/22/2014 3:33:51 AM PDT by Hetty_Fauxvert (FUBO, and the useful idiots you rode in on!)
[ Post Reply | Private Reply | To 31 | View Replies]

To: Rashputin
I have been in IT for 25 years and security has been my primary responsibility in the past. As such I will take the industry analysis at face value rather than the 3rd hand word of some IT teacher, not to disparage you or you daughter of course.

Best of luck to your Daughter. It's a crazy (sometimes literally) industry.

33 posted on 05/22/2014 6:05:38 AM PDT by Durus (You can avoid reality, but you cannot avoid the consequences of avoiding reality. Ayn Rand)
[ Post Reply | Private Reply | To 25 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson