eBay Hit with Security Breach, Change Password!

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Topic Author
stratton
Posts: 11085
Joined: Sun Mar 04, 2007 4:05 pm
Location: Puget Sound

eBay Hit with Security Breach, Change Password!

Post by stratton »

eBay Hit With Massive Security Breach, Will Require Users to Change Passwords
The company reports that a “small number” of employee log-in credentials were compromised, allowing attackers to access a database comprised of encrypted passwords and non-financial data.
...
information visible to the attackers included “eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth."
...
eBay subsidiary PayPal was not affected by this breach, so those users' accounts should be safe.
Paul
...and then Buffy staked Edward. The end.
rob
Posts: 5247
Joined: Mon Feb 19, 2007 5:49 pm
Location: Here

Re: eBay Hit with Security Breach, Change Password!

Post by rob »

I love this part: "its corporate network was actually infiltrated between late March and early April"....

It's pretty clear how some of these companies REALLY feel about customer security and notifications.... Actions speak louder than words.... and no doubt there will be lots of well crafted meaningless words like a long string of companies behind and ahead of them....
| Rob | It's a dangerous business going out your front door. - J.R.R.Tolkien
barnaclebob
Posts: 5587
Joined: Thu Aug 09, 2012 10:54 am

Re: eBay Hit with Security Breach, Change Password!

Post by barnaclebob »

If the encrypted passwords were stolen, wouldn't the hackers need to decrypt them first?
runner9
Posts: 2260
Joined: Tue Aug 02, 2011 8:49 pm
Location: Ohio

Re: eBay Hit with Security Breach, Change Password!

Post by runner9 »

Yes, and eBay says they don't have an increase in fraudulent activity as of yet.
barnaclebob
Posts: 5587
Joined: Thu Aug 09, 2012 10:54 am

Re: eBay Hit with Security Breach, Change Password!

Post by barnaclebob »

Then I'll take my chances. I'm not responsible for fraud so no need to create a new password to remember.
roymeo
Posts: 1278
Joined: Sat Apr 28, 2007 7:19 pm
Location: Oakland, CA

Re: eBay Hit with Security Breach, Change Password!

Post by roymeo »

barnaclebob wrote:Then I'll take my chances. I'm not responsible for fraud so no need to create a new password to remember.
Once you convert over to a password manager like LastPass, you don't care...I can only vaguely remember being emotionally attached to passwords at this point. There, 2 minutes later and now I've got another random password on eBay...heck that old one was only 15 characters, now I've made it the max 20. And luckily the old one was random, too, so I've not exposed other accounts.
The sewer system is a form of welfare state. | -- "Libra", Don DeLillo
pennstater2005
Posts: 2509
Joined: Wed Apr 11, 2012 8:50 pm

Re: eBay Hit with Security Breach, Change Password!

Post by pennstater2005 »

Changed mine. Thanks for the heads up. Not worth risking anything for a simple password change.
“If you think nobody cares if you're alive, try missing a couple of car payments.” – Earl Wilson
ftobin
Posts: 1071
Joined: Fri Mar 20, 2009 3:28 pm

Re: eBay Hit with Security Breach, Change Password!

Post by ftobin »

For what it's worth, eBay and PayPal both support Two-Factor Authentication: https://www.paypal.com/cgi-bin/webscr?c ... ey-outside
htdrag11
Posts: 1261
Joined: Wed Nov 02, 2011 9:22 pm

Re: eBay Hit with Security Breach, Change Password!

Post by htdrag11 »

In addition, PayPal will ask for either your bank or credit card number for confirmation.
abuss368
Posts: 27850
Joined: Mon Aug 03, 2009 2:33 pm
Location: Where the water is warm, the drinks are cold, and I don't know the names of the players!

Re: eBay Hit with Security Breach, Change Password!

Post by abuss368 »

I did see this earlier today on CNBC. Cyber crime is all around us! More and more companies appear to be impacted or breached and make the headlines!

Thank you for sharing with the forum.
John C. Bogle: “Simplicity is the master key to financial success."
richard
Posts: 7961
Joined: Tue Feb 20, 2007 2:38 pm

Re: eBay Hit with Security Breach, Change Password!

Post by richard »

barnaclebob wrote:if the encrypted passwords were stolen wouldn't the hackers need to decrypt them first?
Yes, but if hackers can get the passwords they might be able to get the means to decrypt. Encryption is not a recommended way to secure passwords for a web site, they should be hashing and salting. There's a lot written on the subject, if you care.
Sunny Sarkar
Posts: 2443
Joined: Fri Mar 02, 2007 12:02 am
Location: Flower Mound, TX

Re: eBay Hit with Security Breach, Change Password!

Post by Sunny Sarkar »

roymeo wrote: I've got another random password on eBay...heck that old one was only 15 characters, now I've made it the max 20. And luckily the old one was random
While trying to change my password, eBay stunned me by saying that the LastPass generated 100 character password was of "Medium" strength. Only when I decided to use it anyway, it revealed that the max password length is 64. It did however like the 64 character long password as "strong" :-) PayPal accepts max 20 characters.

Websites keep on advising that passwords need to be random and consist of all kinds of characters. What they really need to be is long and unique (not reused across logins).
"Buy-and-hold, long-term, all-market-index strategies, implemented at rock-bottom cost, are the surest of all routes to the accumulation of wealth" - John C. Bogle
richard
Posts: 7961
Joined: Tue Feb 20, 2007 2:38 pm

Re: eBay Hit with Security Breach, Change Password!

Post by richard »

abuss368 wrote:I did see this earlier today on CNBC. Cyber crime is all around us! More and more companies appear to be impacted or breached and make the headlines!

Thank you for sharing with the forum.
Criminals are getting more sophisticated and many companies are sloppy with their security. Doesn't make for a great outcome.
richard
Posts: 7961
Joined: Tue Feb 20, 2007 2:38 pm

Re: eBay Hit with Security Breach, Change Password!

Post by richard »

Sunny Sarkar wrote:While trying to change my password, eBay stunned me by saying that the LastPass generated 100 character password was of "Medium" strength. Only when I decided to use it anyway, it revealed that the max password length is 64. It did however like the 64 character long password as "strong" :-) PayPal accepts max 20 characters.
eBay has come under a lot of criticism for this. One researcher found eBay called long strings of random numbers, letters and symbols "medium" while calling something like $superman1963 "strong".
patrick
Posts: 2594
Joined: Fri Sep 04, 2009 3:39 am
Location: Mega-City One

Re: eBay Hit with Security Breach, Change Password!

Post by patrick »

richard wrote:
barnaclebob wrote:if the encrypted passwords were stolen wouldn't the hackers need to decrypt them first?
Yes, but if hackers can get the passwords they might be able to get the means to decrypt. Encryption is not a recommended way to secure passwords for a web site, they should be hashing and salting. There's a lot written on the subject, if you care.
According to this article they are hashing and salting: http://www.theregister.co.uk/2014/05/22 ... ncryption/

Even with hashed and salted passwords, many of them would be cracked depending on how well the passwords were chosen. And if you used the same login and password on multiple sites, as many people do, the bad guys would get access to your other accounts too.
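Added example, not part of any post in this thread and not eBay's code: the salted hashing richard recommends, together with patrick's point that a salt does not rescue a popular password, sketched in Python as a site operator's storage and audit routine. PBKDF2, the iteration count, the record format, the account names and the short common-password list are assumptions constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to your own hardware
COMMON = ["123456", "password", "qwerty"]  # constructed sample of popular passwords


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return 'iterations$salt_hex$hash_hex', drawing a random salt if none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def audit_common_passwords(records: dict[str, str]) -> list[str]:
    """Operator-side audit: accounts whose password is on the common list."""
    return sorted(
        user
        for user, record in records.items()
        if any(verify_password(guess, record) for guess in COMMON)
    )


# Constructed sample accounts, not real data.
SAMPLE_DB = {
    "alice": hash_password("123456"),
    "bob": hash_password("123456"),
    "carol": hash_password("kV9#tq2LmZ!r8Xw0pGd4"),
}

if __name__ == "__main__":
    # Same password, different salts: the stored records do not match.
    print(SAMPLE_DB["alice"] != SAMPLE_DB["bob"])
    # The salt does not help a password that is on everyone's guess list.
    print(audit_common_passwords(SAMPLE_DB))
```

Accounts flagged by the audit are the ones to force through a password reset; the long random password is not flagged because no entry on the list reproduces its hash.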
surfstar
Posts: 2853
Joined: Fri Sep 13, 2013 12:17 pm
Location: Santa Barbara, CA

Re: eBay Hit with Security Breach, Change Password!

Post by surfstar »

patrick wrote: And if you used the same login and password on multiple sites, as many people do, the bad guys would get access to your other accounts too.
[honest, serious question] How do they know what other sites I use?
patrick
Posts: 2594
Joined: Fri Sep 04, 2009 3:39 am
Location: Mega-City One

Re: eBay Hit with Security Breach, Change Password!

Post by patrick »

surfstar wrote:
patrick wrote: And if you used the same login and password on multiple sites, as many people do, the bad guys would get access to your other accounts too.
[honest, serious question] How do they know what other sites I use?
They don't, but they can try your login and password at a bunch of different places, such as all of the online banking sites of the major banks.
Ged
Posts: 3945
Joined: Mon May 13, 2013 1:48 pm
Location: Roke

Re: eBay Hit with Security Breach, Change Password!

Post by Ged »

patrick wrote: Even with hashed and salted passwords, many of them would be cracked depending on how well the passwords were chosen. And if you used the same login and password on multiple sites, as many people do, the bad guys would get access to your other accounts too.
Who needs decryption? That's too much like work.

Survey says that 123456 is the most popular password. What you really need is a list of usernames and you are good to go. If you feel ambitious you could try some other popular passwords.

http://www.cbsnews.com/news/the-25-most ... s-of-2013/
Sunny Sarkar
Posts: 2443
Joined: Fri Mar 02, 2007 12:02 am
Location: Flower Mound, TX

Re: eBay Hit with Security Breach, Change Password!

Post by Sunny Sarkar »

Ged wrote:Survey says that 123456 is the most popular password. What you really need is a list of usernames and you are good to go.
That's why I like to pair random long unique usernames with random long unique passwords. Using LastPass (or similar software) it's zero extra effort anyway.

There's still an Achilles's heel though: the same email address used all over.
"Buy-and-hold, long-term, all-market-index strategies, implemented at rock-bottom cost, are the surest of all routes to the accumulation of wealth" - John C. Bogle
LadyGeek
Site Admin
Posts: 95699
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia

Re: eBay Hit with Security Breach, Change Password!

Post by LadyGeek »

This thread is now in the Personal Consumer Issues forum (computer security).
To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.