Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

eBay Breach Affecting Possible 145MM


  • Please log in to reply
11 replies to this topic

#1 Stolen

Stolen

  • Members
  • 669 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:41 AM

Posted 21 May 2014 - 06:16 PM

eBay Breach Affecting A Possible 145MM Users

Written By

Stolen

May 21, 2014 // 4:19 PM CDT

ebay-stock-ticker-may-21-2014.jpg
eBay Ticker May 21, 2014

Cyber attack, security breach, or a bug? They may all be essentially the same thing, however, the outcome is always the same. Change your password.

eBay has been hacked, and it will affect anywhere from 12 to 145 million users. PayPal, a subsidiary of eBay, has announced it was unaffected by the breach.

According to several sources on the Internet today, eBay will be issuing notices to ask people to change passwords. eBays stock plummeted this morning to 50.30 (the 52-week low was 48.06) before starting to rise.

At the time of this writing, many portions of the Investor Relations corporate website for eBay were not available. After attempting to access the In The News section of the site, it was not available most of the day (many times that is fed by Bloomberg to the IR portion of publically-traded companies). It appeared analysts were most likely updating the buy, sell or hold recommendations, and Bloomberg had difficulty keeping up with the traffic.


BC AdBot (Login to Remove)

 


#2 IStillBelieve

IStillBelieve

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:41 AM

Posted 21 May 2014 - 06:35 PM

Hi,

 

Thanks for the update.  That really sucks for me because I don't even remember my ebay password.  I've had it saved in my browser for so long it could be anything.

 

 



#3 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,673 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:08:41 PM

Posted 21 May 2014 - 07:43 PM

 

That really sucks for me because I don't even remember my ebay password

Re set it using the email you used when you created the account.

 

Thanks Stolen.... password changed.


Edited by NickAu1, 22 May 2014 - 01:48 AM.


#4 Darktune

Darktune

    Very Purple


  • Members
  • 1,139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wales
  • Local time:11:41 AM

Posted 22 May 2014 - 03:32 AM

The hackers started getting account information late February. It's taken this long..


It's very hard to imagine all the crazy things that things really are like. 

Electrons act like waves.. no they don't exactly, they act like particles.. no they don't exactly.

Words and ideas can change the world.


#5 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,673 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:08:41 PM

Posted 22 May 2014 - 07:56 PM


After the breach: eBay’s flawed password reset leaves much to be desired



 

eBay has finally stopped burying its own advisory to change passwords following a major hack on its corporate network by adding an important password update to the top of its home page. Now, engineers should turn their attention to flaws on the site's password reset page that may prevent users from choosing passcodes that are truly hard to crack.

http://arstechnica.com/security/2014/05/after-the-breach-ebays-flawed-password-reset-leaves-much-to-be-desired/

 

 

  eBay buries its own advisory to change passwords following database hack

 

More than seven hours after eBay published an advisory that was five clicks removed from end users, the company still made no mention of the breach, said to affect 145 million customers, in e-mails, on its front page, or when users log in to their accounts. The bare-bones post disclosed a breach in February or March that allowed attackers to make off with cryptographically protected passwords. It advised users to change their login credentials. The breach also exposed customers' names, e-mail addresses, home addresses, phone numbers, and dates of birth in a human readable format

http://arstechnica.com/security/2014/05/ebay-buryies-its-own-advisory-to-change-passwords-following-database-hack/


Edited by NickAu1, 22 May 2014 - 07:58 PM.


#6 jonuk76

jonuk76

  • Members
  • 2,157 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Wales, UK
  • Local time:11:41 AM

Posted 22 May 2014 - 08:16 PM

The hackers started getting account information late February. It's taken this long..

 

This is shocking.  My concern is that perhaps it's not account hijacking that is their aim (surely they would have done this by now), but personal data which Ebay holds, which may be used for ID theft.


7sbvuf-6.png


#7 Genex17

Genex17

  • Members
  • 80 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:41 AM

Posted 23 May 2014 - 11:54 PM

I looked at my account. There's nothing more than they could find anywhere else. My name, PO Box (never a street address) and reviews. No social security numbers and I don't remember a birth date anywhere. Credit card is long expired. PayPal is used (with multi-factor authentication), and no other financial institutions listed. Email addresses require phone authentication in order to change the password.

 

Certainly not bulletproof, but not exactly unlocked car door/keys in the ignition.

 

I changed the password anyway. So now they got a useless hash.

 

I'd like to see Ebay implement some sort of MFA though.


Edited by Genex17, 24 May 2014 - 12:16 AM.


#8 Itz Paradox

Itz Paradox

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:02:41 AM

Posted 24 May 2014 - 07:31 PM

thanks for the info even tho this is late cant hurt to buff up and check on security settings etc



#9 Martin Be.

Martin Be.

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Morgan Hill
  • Local time:03:41 AM

Posted 26 May 2014 - 10:57 PM

Thank you.



#10 FistOfGod

FistOfGod

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:41 AM

Posted 30 May 2014 - 10:17 PM

Thanks ebay! I appreciate the possible loss of account information! Great job!



#11 FistOfGod

FistOfGod

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:41 AM

Posted 30 May 2014 - 10:18 PM

STOLEN, thanks for the info. I think issues like this will continue to escalate. SMH.



#12 Djuan

Djuan

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Philippines
  • Local time:06:41 PM

Posted 19 June 2014 - 03:24 AM

Hi,

 

Thanks for the update.  That really sucks for me because I don't even remember my ebay password.  I've had it saved in my browser for so long it could be anything.

 

 

if it's saved in your browser you can always look for it. what's your browser, btw?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users