MSE News: eBay cyber-attack: Change your passwords, auction site warns users

Options
Former_MSE_Helen
Former_MSE_Helen Posts: 2,382 Forumite
in Ebay, auctions, car boot sales, post & parcels
eBay is urging customers to change their passwords after information including names and phone numbers were accessed ...
Read the full story:

eBay cyber-attack: Change your passwords, auction site warns users

OfficialStamp.gif


Click reply below to discuss. If you haven’t already, join the forum to reply. If you aren’t sure how it all works, read our New to Forum? Intro Guide.
«134567

Comments

  • miss_miggins
    miss_miggins Posts: 181 Forumite
    Options
    I have heard nothing directly from ebay. I phoned them this afternoon and the customer service staff knew nothing about it. Nothing in my message centre either.
  • steveE2
    steveE2 Posts: 1,303 Forumite
    First Anniversary Name Dropper Combo Breaker First Post
    Options
    miss_miggins
    http://www2.ebay.com/aw/uk/201405211741492.html
  • barmonkey
    barmonkey Posts: 7,159 Forumite
    Options
    You would think that if it was that important it would be all over the front page or they would at least send out an email
    WWSD
    (what would Scooby Doo)
  • VictimOfImpersonation
    VictimOfImpersonation Posts: 334 Forumite
    edited 21 May 2014 at 8:20PM
    Options
    It seems there is no end to this kind of security lapse - or better, security foul up waiting to happen.

    With so many data theft incidents having affected some of us multiple times, coupled with other kinds of compromise (bent employees creaming off and selling personal data) then it is extremely likely that there are massive shadow databases now in the hands of organised criminals which contain accurate personal data on almost whole populations.

    Yet banks, telecoms companies and others still rely upon full name (not essential), first line of address, postcode, date of birth as security when we call up about anything. In a very large number of cases now, all those pieces of data are compromised completely. So why are we still using them for security purposes?

    The ebay announcement is very mealy-mouthed. It doesn't tell the truth in a very clear way. It obfuscates the truth with vague language.

    An ebay representative can easily correct me but my translation of their vague language is this:

    More than one set of eBay employee login details got into the wrong hands.

    This gave various levels of access to an entire database of real ebay buyer and seller names and addresses and dates of birth behind usernames.

    It also says that encrypted passwords were accessed. It does not make it clear whether the encrypted passwords were therefore decrypted by the infiltrators, or whether they remained encrypted without any likelihood of possible decryption. Nor does it say whether any of the encrypted passwords were PayPal passwords because as we know, eBay encouraged us to make automatic links between our ebay accounts and PayPal accounts.

    Clearly however, those thousands of ebayers who may have used their first name as an ebay password because they thought the user name gave anonymity, now need to change them fast. Yes don't laugh. Whilst the same person might have a strong PayPal account password because they realise it is a form of banking, I have come across many who still use very weak passwords on shopping sites thinking the risk is slight.

    The Information Commissioners Office in the UK needs total reform. It is woefully under-resourced and it needs to be forcing corporates to be much much more secure with our data.

    The daily fraud losses from Impersonation are outrageously high, and the only people that pay in the end is us.
  • Pincher
    Pincher Posts: 6,552 Forumite
    Combo Breaker First Post
    Options
    Or is it even more devious?


    Maybe they have embedded key stroke logging software on millions of PCs, and they WANT us to change our passwords.


    The hackers know from previous attempts that the passwords they raided soon become worthless, as the hack is widely publicised, followed by mass change of passwords.


    Now, they feign an attack, which does not even need to succeed, but the new password it generates will now be usable for a long time.
  • marking_bad
    marking_bad Posts: 512 Forumite
    Options
    Jack Bauer will sort 'em out.
  • VictimOfImpersonation
    VictimOfImpersonation Posts: 334 Forumite
    Options
    marking_bad wrote: »
    Jack Bauer will sort 'em out.
    Isn't he Chuck Norris' son ? Aren't they both already on eBay? Why yes of course!
  • GingerBob_3
    GingerBob_3 Posts: 3,659 Forumite
    Options
    From the point of view of identity theft this should not be much of an issue. At best the hackers will have your name (not full name) and address, together with a false DoB.

    You do all furnish a false DoB to organisations like Ebay, for data protection purposes, don't you?
  • harveybobbles
    harveybobbles Posts: 8,973 Forumite
    Options
    I just got this when I logged into eBay..

    2jdp0tj.jpg
  • barmonkey
    barmonkey Posts: 7,159 Forumite
    Options
    just logged in as usual, no sign of the above message.
    WWSD
    (what would Scooby Doo)
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 343.4K Banking & Borrowing
  • 250.1K Reduce Debt & Boost Income
  • 449.8K Spending & Discounts
  • 235.5K Work, Benefits & Business
  • 608.3K Mortgages, Homes & Bills
  • 173.2K Life & Family
  • 248.1K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.9K Discuss & Feedback
  • 15.1K Coronavirus Support Boards