eBay urges users to change passwords

pennypincher2013

Just logged into my ebay account and was looking to see if I could change any info when I see this: Last change to registration or feedback: 08-Apr-14 15:20:41 BST

I know that was not me as I was away and never used the internet. Should this be a concern? I cant see anything that has changed.

Checked my 2nd ebay account and found this: Last change to registration or feedback: 02-Apr-14 13:36:47 BST

Again, I was away and didnt use the internet and cant see anything that has changed.

henm2

The ebay security compromise was between February and early March this year. If you changed your password in April this year following the heartbleed security bug then there is really no need to change it again

Charlton_King

Just changed mine. It honestly doesn't look to be a major problem.

Ant555

pennypincher2013 wrote: »

I use same email addy for paypal. Should I change this?
.

There is no need to change your email address.
Just make sure that your password for paypal is not one that you use anywhere else.

Laz123

Crinkmeister wrote: »

You need to move house, change your name, sex, sell your car, dye your hair, change all your bank accounts then it will be ok.

Seriously, it's a flaming nuisance having to keep changing the 8 billion passwords I have!!

Sorry. Taking a deeeep breath.....Better now!

You need a Snickers. You're not the same when you're hungry.

swvillafan

I expect the list of hacked accounts will be appearing on eBay soon as a listing!

Ralph-y

transcript from Ebay chat:-

AxxxxWelcome to eBay Live Help, my name is Axxx. How may I be of assistance?

rxxx
can you please confirm if UK users need to change user password?
Axxxx
Hello Rxxxx. Yes, that's correct, UK users need to change their password. I suugest you cahnge your password now if you haven't done so.
rxxxx
can I please ask as to why Ebay have not informed us personaly of this issue?
Axxxx
eBay has a responsibility to fully understand the facts which required a full investigation. .As soon as we knew what had happened and determined the best course of action, we acted immediately to disclose. We have seen no spike in fraudulent activity on the site.
rxxxx
no, you misunderstand. Why have Ebay not sent out messages to individuals via message or email to notify users of this? receiving information like this from news channels is not the way forward.
rxxxx
There is nothing on Ebay log in , or your home page!
Axxx
I understand that you have known it first in the news. That is usually the case as it is the nature of news agencies. As of now, we communicated this matter on eBay in the 'Announcement' board. I will also be forwarding your concern on why have eBay not notified members via message or email to the relevant team, so thank you for sharing that with me.
rxxxx
sorry to say that you would have received just 1* for communication in feedback!
Axxxx
I understand how frustrating this is. Rest assured I have forwarded your concern to the relevant team.
rxxxx
thank you

Ralphy:cool:

kwikbreaks

Ant555 wrote: »

It says the passwords were encrypted.

If they used a decent algorithm then I would think its going to be quite hard to crack the encryption on the passwords.

They probably just use the standard md5 hash in which case any "dictionary" passwords used can be cracked in no time by comparing with a database of words and hashes. I've also seen lists of the most commonly used passwords so I guess they'd be included.

I heard mentioned that the actual hack happened some time ago but haven't read through all the articles on this to confirm that was the case.
===
Just read through the other posts here and see somebody else heard this too. They really should have disclosed the issue as soon as it was picked up. Unless they've ony just realised which is probably worse...

Anyhow I should be OK now - I went from password01 to password02