Hackers Infiltrate eBay: Time to Change Your Password - NBC News

[knarfeng]

"The company said hackers stole email addresses, encrypted passwords, birth dates, mailing addresses and other information,

I dunno. I checked my eBay account. I've never input my birth date. My phone is blanked out. My address is visible. But then my address can be found with a Google search, also. To read my password, they would have to break the encryption. I use a unique password for each site. My eBay account is not linked to my PayPal acct. And I've changed my password for eBay. I kinda don't think they got much from me, even if my account were one of the ones they hacked.

 

[Luis G.]

I dunno. I checked my eBay account. I've never input my birth date. My phone is blanked out. My address is visible. But then my address can be found with a Google search, also. To read my password, they would have to break the encryption. I use a unique password for each site. My eBay account is not linked to my PayPal acct. And I've changed my password for eBay. I kinda don't think they got much from me, even if my account were one of the ones they hacked.

Encryption is easy to break now a days unfortunately. Using a unique password for each password however is priceless.

 

[HallHandmade]

I'll post excerpts from a couple emails to a customer, this basically shut me down for a little over a week, delayed some materials purchases while things got fixed. Not catastrophic, but ended up with a couple delays/broken promises, which is never good.

Right after I had talked to you, my PayPal got hacked via that eBay data theft that was just on the news. They claim nobody got compromised because the info was encrypted, but funny, they knew about it for weeks, then magically announce a compromise after people's accounts (such as mine) are being pillaged.

They went in, changed my email and password, deleted my bank info, cancelled my card, and spent all my money. Luckily PayPal pretty much made everything go away (I was wondering why they were so quick to press the magic button), so it cost mostly time at this point.

Haha that's a whole story in itself

I drove down to Tru-Grit, which is about an hour away, to restock consumables.

Once I spent about an hour picking a $200+ purchase, I went to pay with my PayPal debit card (which I had just used the day before) and it wouldn't work.

I ended up walking out with my stuff on the books, and headed home, thinking maybe their machine was malfunctioning. Then I stopped to get gas and it didn't work again.

I barely made it home on fumes, as my fiance had taken my bank card to pay my share of a bill, and I don't typically use credit so don't carry my cards with me. I'll usually carry a bit of cash but didn't have any on me.

On the way home I called them to see exactly why the heck my card stopped working out of nowhere, and it turned out that someone had cancelled it in an attempt to have it sent to a new address. That's when I found out about everything.

I've never been compromised a single time in well over a decade I've been using this service, so I find it much too coincidental that eBay makes that announcement only days after my account was hacked and funds stolen. Supposedly they knew about it weeks before and waited to announce it until it was too late, although I'm not sure of whether that is actually true.

 

[RamZar]

Five days later, I just received an email from eBay entitled: Important - eBay Password Reset Required

IMPORTANT: PASSWORD UPDATE


Dear eBay Member,

To help ensure customers' trust and security on eBay, I am asking all eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on our corporate information network. This attack compromised a database containing eBay user passwords.

What's important for you to know: We have no evidence that your financial information was accessed or compromised. And your password was encrypted.

What I ask of you:
Go to eBay and change your password. If you changed your password on May 21 or later, we do not need you to take any additional action at this time.

Changing your password may be inconvenient. I realize that. We are doing everything we can to protect your data and changing your password is an extra precautionary step, in addition to the other security measures we have in place.

If you have only visited eBay as a guest user, we do not have a password on file.

If you used the same eBay password on any other site, I encourage you to change your password on those sites too. And if you are a PayPal user, we have no evidence that this attack affected your PayPal account or any PayPal financial information, which is encrypted and stored on a separate secure network.

Here are other steps we are taking:

• As always, we have strong protections in place for both buyers and sellers in the event of any unauthorized activity on your account.
• We are applying additional security to protect our customers.
• We are working with law enforcement and leading security experts to aggressively investigate the matter.

Here's what we know: This attack occurred between late February and early March and resulted in unauthorized access to a database of eBay users that includes customers' name, encrypted password, email address, physical address, phone number and date of birth.

However, the file did not contain financial information. And, after conducting extensive testing and analysis of our systems, we have no evidence that any customer financial or credit card information was involved. We also have no indication of a significant spike in fraudulent activity on our site.

We apologize for any inconvenience or concern that this situation may cause you. As a global marketplace, nothing is more important to eBay than the security and trust of our customers. We know our customers have high expectations of us, and we are committed to ensuring a safe and secure online experience for you on any connected device.

Devin Wenig
President, eBay Marketplaces