PaulThe company reports that a “small number” of employee log-in credentials were compromised, allowing attackers to access a database comprised of encrypted passwords and non-financial data.
...
information visible to the attackers included “eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth."
...
eBay subsidiary PayPal was not affected by this breach, so those users account should be safe
eBay Hit with Security Breach, Change Password!
eBay Hit with Security Breach, Change Password!
eBay Hit With Massive Security Breach, Will Require Users to Change Passwords
...and then Buffy staked Edward. The end.
Re: eBay Hit with Security Breach, Change Password!
I love this part " its corporate network was actually infiltrated between late March and early April"....
It's pretty clear how some of these companies REALLY feel about customer security and notifications.... Actions speak louder than words.... and no doubt there will be lots of well crafted meaningless words like a long string of companies behind and ahead of them....
It's pretty clear how some of these companies REALLY feel about customer security and notifications.... Actions speak louder than words.... and no doubt there will be lots of well crafted meaningless words like a long string of companies behind and ahead of them....
|
Rob |
Its a dangerous business going out your front door. - J.R.R.Tolkien
-
- Posts: 5587
- Joined: Thu Aug 09, 2012 10:54 am
Re: eBay Hit with Security Breach, Change Password!
if the encrypted passwords were stolen wouldn't the hackers need to decrypt them first?
Re: eBay Hit with Security Breach, Change Password!
Yes, and ebay says they don't have an increase in fraudulent activity as of yet.
-
- Posts: 5587
- Joined: Thu Aug 09, 2012 10:54 am
Re: eBay Hit with Security Breach, Change Password!
Then I'll take my chances. I'm not responsible for fraud so no need to create a new password to remember.
Re: eBay Hit with Security Breach, Change Password!
Once you convert over to a password manager like LastPass, you don't care...I can only vaguely remember being emotionally attached to passwords at this point. There, 2 minutes later and now I've got another random password on eBay...heck that old one was only 15 characters, now I've made it the max 20. And luckily the old one was random, too, so I've not exposed other accounts.barnaclebob wrote:Then I'll take my chances. I'm not responsible for fraud so no need to create a new password to remember.
The sewer system is a form of welfare state. |
-- "Libra", Don DeLillo
- pennstater2005
- Posts: 2509
- Joined: Wed Apr 11, 2012 8:50 pm
Re: eBay Hit with Security Breach, Change Password!
Changed mine. Thanks for the heads up. Not worth risking anything for a simple password change.
“If you think nobody cares if you're alive, try missing a couple of car payments.” – Earl Wilson
Re: eBay Hit with Security Breach, Change Password!
For what it's worth, Ebay and Paypal both support Two-Factor Authentication: https://www.paypal.com/cgi-bin/webscr?c ... ey-outside
Re: eBay Hit with Security Breach, Change Password!
In addition, PayPal will ask for either your bank or credit card number for confirmation.
- abuss368
- Posts: 27850
- Joined: Mon Aug 03, 2009 2:33 pm
- Location: Where the water is warm, the drinks are cold, and I don't know the names of the players!
- Contact:
Re: eBay Hit with Security Breach, Change Password!
I did see this earlier today on CNBC. Cyber crime is all around us! More and more companies appear to be impacted or breached and make the headlines!
Thank you for sharing with the forum.
Thank you for sharing with the forum.
John C. Bogle: “Simplicity is the master key to financial success."
Re: eBay Hit with Security Breach, Change Password!
Yes, but if hackers can get the passwords they might be able to get the means to decrypt. Encryption is not a recommended way to secure passwords for a web site, they should be hashing and salting. There's a lot written on the subject, if you care.barnaclebob wrote:if the encrypted passwords were stolen wouldn't the hackers need to decrypt them first?
- Sunny Sarkar
- Posts: 2443
- Joined: Fri Mar 02, 2007 12:02 am
- Location: Flower Mound, TX
- Contact:
Re: eBay Hit with Security Breach, Change Password!
While trying to change my password, eBay stunned me by saying that the LastPass generated 100 character password was of "Medium" strength. Only when I decided to use it anyway, it revealed that the max password length is 64. It did however like the 64 character long password as "strong" PayPal accepts max 20 characters.roymeo wrote:[I've got another random password on eBay...heck that old one was only 15 characters, now I've made it the max 20. And luckily the old one was random
Websites keep on advising that passwords need to be random and consisting of all kinds of characters. What they really need to be are long and unique (not reused across logins).
"Buy-and-hold, long-term, all-market-index strategies, implemented at rock-bottom cost, are the surest of all routes to the accumulation of wealth" - John C. Bogle
Re: eBay Hit with Security Breach, Change Password!
Criminals are getting more sophisticated and many companies are sloppy with their security. Doesn't make for a great outcome.abuss368 wrote:I did see this earlier today on CNBC. Cyber crime is all around us! More and more companies appear to be impacted or breached and make the headlines!
Thank you for sharing with the forum.
Re: eBay Hit with Security Breach, Change Password!
ebay has come under a lot of criticism for this. One researcher found ebay called long strings of random numbers, letters and symbols "medium" while calling something like $superman1963 "strong".Sunny Sarkar wrote:While trying to change my password, eBay stunned me by saying that the LastPass generated 100 character password was of "Medium" strength. Only when I decided to use it anyway, it revealed that the max password length is 64. It did however like the 64 character long password as "strong" PayPal accepts max 20 characters.
Re: eBay Hit with Security Breach, Change Password!
According to this article they are hashing and salting: http://www.theregister.co.uk/2014/05/22 ... ncryption/richard wrote:Yes, but if hackers can get the passwords they might be able to get the means to decrypt. Encryption is not a recommended way to secure passwords for a web site, they should be hashing and salting. There's a lot written on the subject, if you care.barnaclebob wrote:if the encrypted passwords were stolen wouldn't the hackers need to decrypt them first?
Even with hashed and salted passwords, many of them would be cracked depending on how well the passwords were chosen. And if you used the same login and password on multiple sites, as many people do, the badguys would get access to your other accounts too.
Re: eBay Hit with Security Breach, Change Password!
[honest, serious question] How do they know what other sites I use?patrick wrote:And if you used the same login and password on multiple sites, as many people do, the badguys would get access to your other accounts too.
Re: eBay Hit with Security Breach, Change Password!
They don't, but they can try your login and password at a bunch of different places, such as all of the online banking sites of the major banks.surfstar wrote:[honest, serious question] How do they know what other sites I use?patrick wrote:And if you used the same login and password on multiple sites, as many people do, the badguys would get access to your other accounts too.
Re: eBay Hit with Security Breach, Change Password!
Who needs decryption? That's too much like work.patrick wrote: Even with hashed and salted passwords, many of them would be cracked depending on how well the passwords were chosen. And if you used the same login and password on multiple sites, as many people do, the badguys would get access to your other accounts too.
Survey says that 123456 is the most popular password. What you really need is a list of usernames and you are good to go. If you feel ambitious you could try some other popular passwords.
http://www.cbsnews.com/news/the-25-most ... s-of-2013/
- Sunny Sarkar
- Posts: 2443
- Joined: Fri Mar 02, 2007 12:02 am
- Location: Flower Mound, TX
- Contact:
Re: eBay Hit with Security Breach, Change Password!
That's why I like to pair random long unique usernames with random long unique passwords. Using LastPass (or similar software) it's zero extra effort anyway.Ged wrote:Survey says that 123456 is the most popular password. What you really need is a list of usernames and you are good to go.
There's still an Achilles's heel though: the same email address used all over.
"Buy-and-hold, long-term, all-market-index strategies, implemented at rock-bottom cost, are the surest of all routes to the accumulation of wealth" - John C. Bogle
Re: eBay Hit with Security Breach, Change Password!
This thread is now in the Personal Consumer Issues forum (computer security).