MSE News: eBay cyber-attack: Change your passwords, auction site warns users
Comments
-
harveybobbles wrote: »I just got this when I logged into eBay..
Yes, I get the same been trying for over 3 hours (on and off) and still not able to edit password. Take months to let on there is a security breech and then they make it nigh impossible to change password.Thoughts:
The surest sign that there is intelligent life in the universe is that they haven't contacted us yet:DLife's most urgent question is: what are you doing for others?Life's most urgent question is: What are you doing for others;) - Martin Luther King jr0 -
Nothing like that when I log in and nothing in messages or any email!0
-
Yes what an awful muddle.
eBay and its customers are like rabbits stuck in headlights in the middle of the road. Doesn't it just show what how delicate this whole corporate sham about cyber-security really is ?
You have the likes of GingerBob (and a few more of us) telling corporates white-lies about our DoBs and Mother's maiden name to protect ourselves a little from exactly this kind of data theft (I think even we are kidding ourselves), but more importantly you have corporates telling us that they know we ('people') do that so they don't close the shutters when a little bit of inconsistent data is given to them by fraudsters, even when that means they end up with that same inconsistent data then incorporated into the body of their so-called security! Security so easily becomes "lies within lies" and we know what happens when three or more parties start telling each other lies, and know that they are likely to be told lies but essentially ignoring what is said and instead forming opinion based on the view of incoming from their own side - chaos and warzones.
So into the warzones you get infiltrators , either recruited or just doing their own thing and making contact with baddies, and because corporates employ so many here today gone tomorrow types and give them almost unbridled electronic access to customer data, we are asking for trouble, aren't we?
An employee may not even join a company like ebay with fraud in mind, but if they get fed up or too poor to resist temptation, they sell a bit of data to make ends meet ! Except its not a bit, is it ? It's bytes - Gigabytes and even Terrabytes in their pocket if they like but probably easier if they get login details and sufficient remote access authority so an associate can then login from a beach in San Franscisco St Petersburg Sri Lanka or Sidney and download stuff at 45Mbps and can in each case pretend to be in an ebay office or at home in Siberia. And if I really wish to physically transport data, who would believe that the 'easy-swap' 8GB MicroSD no bigger than a little finger nail in my six year old mobile phone could hold as much data a 8,000 copies of the Holy Bible, and whilst doing it, it also contains enough standalone TomTom data to navigate me reliably by road and foot all the way between London and a seedy office I was invited to visit above a bagel shop in St Petersburg ?
Meantime we all get herded this way and that like slightly uneasy sheep by ebay, by the media, by government and even by MSE! Yes not rabbits, for they are the inadequate corporate units caught defenceless. We are the sheep. The shepherds seem to be organised crime as alluded to by Pincher. That's not good.
It's probably not a coincidence (someone realising it is a good story to post at this moment) but this morning I received a link to an article about how few official resources stand against cyber-crime in the UK: http://www.idgconnect.com/blog-abstract/8297/uk-policing-unfit-purpose-digital-age-former-cop.
Oh just one thing Bob - you saidFrom the point of view of identity theft this should not be much of an issue.0 -
transcript from Ebay chat:-
AxxxxWelcome to eBay Live Help, my name is Axxx. How may I be of assistance?
rxxx
can you please confirm if UK users need to change user password?
Axxxx
Hello Rxxxx. Yes, that's correct, UK users need to change their password. I suugest you cahnge your password now if you haven't done so.
rxxxx
can I please ask as to why Ebay have not informed us personaly of this issue?
Axxxx
eBay has a responsibility to fully understand the facts which required a full investigation. .As soon as we knew what had happened and determined the best course of action, we acted immediately to disclose. We have seen no spike in fraudulent activity on the site.
rxxxx
no, you misunderstand. Why have Ebay not sent out messages to individuals via message or email to notify users of this? receiving information like this from news channels is not the way forward.
rxxxx
There is nothing on Ebay log in , or your home page!
Axxx
I understand that you have known it first in the news. That is usually the case as it is the nature of news agencies. As of now, we communicated this matter on eBay in the 'Announcement' board. I will also be forwarding your concern on why have eBay not notified members via message or email to the relevant team, so thank you for sharing that with me.
rxxxx
sorry to say that you would have received just 1* for communication in feedback!
Axxxx
I understand how frustrating this is. Rest assured I have forwarded your concern to the relevant team.
rxxxx
thank you
Ralphy:cool:
0 -
Why has it taken two weeks for them to notify us?Blessed are the cracked for they are the ones that let in the light
C.R.A.P R.O.L.L.Z. Member #35 Butterfly Brain + OH - Foraging Fixers
Not Buying it 2015!0 -
If we have to change our passwords that were encrypted (and perhaps decrypted) - as our name, address and phone number were not encrypted, do we have to change them as well?0
-
transcript from Ebay chat:-
Frank Spencer finally got a job he could stick at, crisis management for Ebay. They really have managed to make a bigger mess out of something that they could have easily played down and not for the first time..0 -
Not surprised at anything – EBay login details appear to have been hacked for some time due to an XSS scripting vulnerability.
I understand that this was warned about by the US Dept of Homeland Security in a vulnerability note issued in 2006:
https://www.kb.cert.org/vuls/id/808921
I recall mentioning this in post 6 in an earlier thread:
http://forums.moneysavingexpert.com/showthread.php?t=4892376&
The Twitter account of user “oneEyedJack5” indicates the extent of the scams and fraud taking place:
https://twitter.com/OneEyedJack50 -
frank_potter wrote: »The Twitter account of user “oneEyedJack5” indicates the extent of the scams and fraud taking place:
https://twitter.com/OneEyedJack5.0 -
I've changed my password and my email address in both ebay accounts. I'm not happy about this I found when changing personal details: Last change to registration or feedback: 08-Apr-14 15:20:41 BST
And in my 2nd ebay account found this: Last change to registration or feedback: 02-Apr-14 13:36:47 BST
I know that was not me as I was away at those times and never used the internet. No, I don't use the internet that often0
This discussion has been closed.
Categories
- All Categories
- 343.1K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.7K Spending & Discounts
- 235.2K Work, Benefits & Business
- 607.9K Mortgages, Homes & Bills
- 173K Life & Family
- 247.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards