MSE News: eBay cyber-attack: Change your passwords, auction site warns users
Options
Former_MSE_Helen
Posts: 2,382 Forumite
eBay is urging customers to change their passwords after information including names and phone numbers were accessed ...
Read the full story:
eBay cyber-attack: Change your passwords, auction site warns users
Click reply below to discuss. If you haven’t already, join the forum to reply. If you aren’t sure how it all works, read our New to Forum? Intro Guide.
eBay cyber-attack: Change your passwords, auction site warns users
Click reply below to discuss. If you haven’t already, join the forum to reply. If you aren’t sure how it all works, read our New to Forum? Intro Guide.
0
Comments
-
I have heard nothing directly from ebay. I phoned them this afternoon and the customer service staff knew nothing about it. Nothing in my message centre either.0
-
miss_miggins
http://www2.ebay.com/aw/uk/201405211741492.html0 -
You would think that if it was that important it would be all over the front page or they would at least send out an emailWWSD(what would Scooby Doo)0
-
It seems there is no end to this kind of security lapse - or better, security foul up waiting to happen.
With so many data theft incidents having affected some of us multiple times, coupled with other kinds of compromise (bent employees creaming off and selling personal data) then it is extremely likely that there are massive shadow databases now in the hands of organised criminals which contain accurate personal data on almost whole populations.
Yet banks, telecoms companies and others still rely upon full name (not essential), first line of address, postcode, date of birth as security when we call up about anything. In a very large number of cases now, all those pieces of data are compromised completely. So why are we still using them for security purposes?
The ebay announcement is very mealy-mouthed. It doesn't tell the truth in a very clear way. It obfuscates the truth with vague language.
An ebay representative can easily correct me but my translation of their vague language is this:
More than one set of eBay employee login details got into the wrong hands.
This gave various levels of access to an entire database of real ebay buyer and seller names and addresses and dates of birth behind usernames.
It also says that encrypted passwords were accessed. It does not make it clear whether the encrypted passwords were therefore decrypted by the infiltrators, or whether they remained encrypted without any likelihood of possible decryption. Nor does it say whether any of the encrypted passwords were PayPal passwords because as we know, eBay encouraged us to make automatic links between our ebay accounts and PayPal accounts.
Clearly however, those thousands of ebayers who may have used their first name as an ebay password because they thought the user name gave anonymity, now need to change them fast. Yes don't laugh. Whilst the same person might have a strong PayPal account password because they realise it is a form of banking, I have come across many who still use very weak passwords on shopping sites thinking the risk is slight.
The Information Commissioners Office in the UK needs total reform. It is woefully under-resourced and it needs to be forcing corporates to be much much more secure with our data.
The daily fraud losses from Impersonation are outrageously high, and the only people that pay in the end is us.0 -
Or is it even more devious?
Maybe they have embedded key stroke logging software on millions of PCs, and they WANT us to change our passwords.
The hackers know from previous attempts that the passwords they raided soon become worthless, as the hack is widely publicised, followed by mass change of passwords.
Now, they feign an attack, which does not even need to succeed, but the new password it generates will now be usable for a long time.0 -
Jack Bauer will sort 'em out.0
-
marking_bad wrote: »Jack Bauer will sort 'em out.0
-
From the point of view of identity theft this should not be much of an issue. At best the hackers will have your name (not full name) and address, together with a false DoB.
You do all furnish a false DoB to organisations like Ebay, for data protection purposes, don't you?0 -
I just got this when I logged into eBay..
0 -
just logged in as usual, no sign of the above message.WWSD(what would Scooby Doo)0
This discussion has been closed.
Categories
- All Categories
- 343.4K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.8K Spending & Discounts
- 235.5K Work, Benefits & Business
- 608.3K Mortgages, Homes & Bills
- 173.2K Life & Family
- 248.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards