eBay urges users to change passwords following data breach

Jos

Staff

Add another notch to the tally of companies on the receiving end of a massive data breach. Earlier this morning, eBay revealed that internal and customer databases containing the names, addresses, email addresses, phone numbers, birth dates, and encrypted passwords for millions of users were compromised recently. The company says there’s no evidence of financial information being accessed and is advising all users to change their passwords.

The breach took place between late February and early March but was detected only a couple of weeks ago. According to eBay’s statement, attackers compromised “a small number” of employee logins first and used those to access the server holding the aforementioned information.

News of the hack first leaked through a post on the company’s own PayPal blog containing nothing but a title. It was promptly taken down, but not before screen grabs hit the web through dozens of tweets. eBay has since sought to clarify that PayPal data is stored separately, fully encrypted, and remains safe.

The latest data breach is definitely among the biggest in recent times, and the largest since last year's attack on Target, where hackers stole data from upwards of 70 million customers. eBay hasn’t confirmed the number of affected accounts but the website counts nearly 130 million active users.


 
I'm at a loss how these types of companies keep getting hacked. e-bay is worth billions of dollars. So is Target. How on earth is their security that sad that they can get hacked??
Human error in many of these cases I'd imagine. In the case of eBay it looks to be that individual users were compromised and those users were used to attack from inside, unlike Sony where their servers simply were not protected even remotely enough.
 
I'm at a loss how these types of companies keep getting hacked. e-bay is worth billions of dollars. So is Target. How on earth is their security that sad that they can get hacked??
They work just like any other company would with a philosophy of "Let's make as much money as possible for ourselves and shareholders, as for other problems, we'll cross those bridges when we come to them".
 
They need to make an auto password changer, that adds things to your password like the month and year each month, as part of your password. Maybe let you choose where in your password that you type it and how. Also say you pick a month ahead or behind. The first 3 letters of a month, idk.
password superman
s5.14uperman'
superman5/14
superfivefourteenman
 
Sack the employees who allowed their internal accounts to be compromised, as they were sloppy and unsecured.

If the weakest link breaks then throw it in the bin!
 
...names, addresses, email addresses, phone numbers, birth dates...

Why didn't they ask us to provide our SSN/SIN numbers while they were at it? I guess it doesn't matter to eBay as long as they are covered.

eBay should be offering free credit checks for every user and why did they wait so long to report it?
 
I will wait to change my password. I haven't logged into it for ages so it's probably all useless old information anyways.

The first thing they said to everyone when they announced the Heartbleed SSL bug was everyone go out and change your passwords. Genius idea if the website you are changing it on isn't patched. And ya regular joe isn't going to check.

These companies should hire better security. But doesn't it make you realise how unsafe you are. Sure you aren't Mr Money probably. But your information in the right hands could be worth something to someone. And there isn't much you can do to prevent it. Internet security stops script kiddies, but once they level up beyond that status (don't know what that is mind) then your Nortons and such does sweet FA
 
Anyone else running out of passwords?.....and memory.
Indeed, I think I will actually switch to Lastpass.
Even though I've been a very big opponent of that system the reality is that with so many breaches I'm just losing track of my passwords...
And as I'm going through them in some site where I've forgotten what password I use there is always this lingering feeling:
What if they are able to read the passwords I try? Because they are all correct :eek:
Just because I'm paranoid does not mean they are not out to get me!
 
Indeed, I think I will actually switch to Lastpass.
Even though I've been a very big opponent of that system the reality is that with so many breaches I'm just losing track of my passwords...
And as I'm going through them in some site where I've forgotten what password I use there is always this lingering feeling:
What if they are able to read the passwords I try? Because they are all correct :eek:
Just because I'm paranoid does not mean they are not out to get me!

I think what this proves is the safest places for passwords are:
Notebook & pen in a safe.
An un-networked PC with a note encrypted with TrueCrypt or similar service.

It all depends how far you wish to go. Did I also mention joining the Amish?
 