Jump to content

eBay makes users change their passwords after hack


Recommended Posts

Posted

eBay makes users change their passwords after hack

(BBC) Online marketplace eBay is forcing users to change their passwords after a cyber-attack compromised its systems.


The US firm said a database had been hacked between late February and early March, and had contained encrypted passwords and other non-financial data.

The company added that it had no evidence of there being unauthorised activity on its members' accounts.

However, it said that changing the passwords was "best practice and will help enhance security for eBay users".

Full story: http://www.bbc.com/news/technology-27503290

bbclogo.jpg
-- BBC 2014-05-22

Posted

since all that was stolen were encrypted passwords, it means security was not compromised (unless someone can decrypt those passwords, which is highly improbable)

Posted

I've had no message from eBay yet.

Or is this like car companies' recalls - US & EU only, nothing for (/not bothered about) Thailand customers?

Posted

since all that was stolen were encrypted passwords, it means security was not compromised (unless someone can decrypt those passwords, which is highly improbable)

http://www.ebayinc.com/in_the_news/story/ebay-inc-ask-ebay-users-change-passwords

Depends what you mean by security. Name, email address, physical address and date of birth is a lot of info to know about people.

The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.

Posted

since all that was stolen were encrypted passwords, it means security was not compromised (unless someone can decrypt those passwords, which is highly improbable)

Actually, the Daily Torygraph reports "Names, email addresses, home address, phone numbers and dates of birth of all users have been stolen by hackers, the company admits".

Posted

By emailing hacking victims, eBay opens users up to more risk
Jordan Robertson

After hackers stole email addresses and other user data from eBay's network, the company announced it would email users to suggest they change their passwords. That doesn't make a whole lot of sense.

The problem with this approach is that the hours immediately following a breach are prime time for hackers. Cybercriminals are consummate opportunists. They scrutinise the news looking for ways to craft fraudulent and timely messages to trick people into clicking on them.

The millions of eBay users who may have caught wind of the breach after seeing a headline today are more likely to fall for an email scam prompting them to click a link and input their login information. A similar technique was used by Chinese military officers to hack into US companies, showing that in cyber security, people are their own worst enemies.

Instead of emailing the auction site's more than 145 million active buyers worldwide, eBay could have immediately done something that Adobe Systems, LinkedIn and Evernote all did after their recent high-profile hacks: change users' passwords. Automatically resetting accounts is becoming a "common courtesy" after many breaches, says Lysa Myers, a researcher with Slovakian security firm ESET.

Full story: http://www.theage.com.au/it-pro/security-it/by-emailing-hacking-victims-ebay-opens-users-up-to-more-risk-20140522-zrkpc.html

theage.jpg
-- The Age 2014-05-22

Posted

ebay first needed to put on the start up page that they had been hacked before telling the press ,

I understand that would have been a very short "secret" but it would have given the ebay customer a little extra time

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...