Author Topic: MAJOR hack of eBay accounts (Read 7311 times)

Bruce · « **on:** May 21, 2014, 11:27:56 AM »

This happened TWO MONTHS ago and they only NOW got around to advising users to change their passwords? And they won't admit how many were stolen, but they do say "a large number of accounts"?

Unconscionable!

http://money.cnn.com/2014/05/21/technology/security/ebay-passwords/index.html?iid=Lead

erik1925 · « **Reply #1 on:** May 21, 2014, 11:57:29 AM »

According to that article, the initial breach (employee credentials stolen) wasn't discovered until 2 weeks ago, which was cause for a further investigation. If true, then it isn't as if they knew for 2 months and chose to say nothing to account holders on purpose. $:-\$

"It wasn't until two weeks ago that eBay discovered employee credentials had been stolen, the company said. The company then conducted a forensic investigation of its computers and found the extent of the theft."

More news at 11.

Bruce · « **Reply #2 on:** May 21, 2014, 12:27:48 PM »

I think it is WORSE that it took them SIX WEEKS to even discover the theft of tens of millions of customer accounts!

And it took two more weeks to announce it? And WHERE is the announcement on eBay's home page (or when you go to sign in)?

They seem far more concerned with "managing" this than with alerting and protecting their customers!

erik1925 · « **Reply #3 on:** May 21, 2014, 12:31:40 PM »

I agree, Bruce. That they have no security mechanism in place to alert them of potential breaches of account info seems hard to believe. In reading the article, I thought maybe it took them 2 weeks to determine accounts had been hacked into, after the initial employee info had been found to be compromised.

It may all be so much spin and excuse for system than wasnt as secure and protected as they wanted all their customers to believe.

MoviePosterBid.com · « **Reply #4 on:** May 21, 2014, 02:41:08 PM »

oh c'mon..

I dare anyone to post here that their network is 100% un-hackable.
Hackers get into all kinds of servers, like the Chinese military guys who were just indicted for hacking into numerous corporate servers of some of the biggest companies in the world. It isn't "if" a server can be hacked, it's "when".

if ebay didn't want anyone to know, we wouldn't know now and it wouldn't be splashed all over the news channels.

in general hack reports have come out weeks or months after such an episode

the CIA gets hacked. the NYT gets hacked. Banks, airlines, power companies..
100% Internet security is a myth

paul waines · « **Reply #5 on:** May 21, 2014, 03:45:43 PM »

Well ebay are letting me know I can list up to 20 auctions free....

I've changed my Password anyway, to be safe..... $:-\$

erik1925 · « **Reply #6 on:** May 21, 2014, 04:04:06 PM »

Quote from: paul waines on May 21, 2014, 03:45:43 PM

Well ebay are letting me know I can list up to 20 auctions free....

I've changed my Password anyway, to be safe..... $:-\$

Ditto. I did the same.

CSM · « **Reply #7 on:** May 21, 2014, 04:09:55 PM »

New password I am using: "ucanthackthis"

paul waines · « **Reply #8 on:** May 21, 2014, 04:17:44 PM »

So what about Paypal, as it's owned by ebay. Do they have that info too?

I may go and change that password too...

MoviePosterBid.com · « **Reply #9 on:** May 21, 2014, 04:30:24 PM »

Quote from: paul waines on May 21, 2014, 04:17:44 PM

So what about Paypal, as it's owned by ebay. Do they have that info too?

I may go and change that password too...

the articles state that Paypal is on diff servers and was not hacked.

corporations that have been hacked in 2013

2011 article, 90% of comapnies say they have been hacked
http://www.computerworld.com/s/article/9217853/90_of_companies_say_they_ve_been_hacked_Survey

originalcinemaposters · « **Reply #10 on:** May 21, 2014, 04:44:15 PM »

I have worked in IT for many major companies and everyone gets hacked.
the only secure computer is one in a locked room with no network connections....

Bruce · « **Reply #11 on:** May 21, 2014, 05:23:01 PM »

It is NOT that they got hacked! It is that it took them 6 weeks to even discover it, and much worse, that they covered it up for two more weeks, and even now have not notified customers themselves or put it on their site or sign in pages.

They handled something that happens all the time in the worst possible way.

MoviePosterBid.com · « **Reply #12 on:** May 21, 2014, 06:38:01 PM »

seriously, Target was hacked for 3 months before they discovered it.
an ultra-secure Iranian nuclear facility was hacked for as long as 3 years before discovery
hacking is a robust business that has an annual convention in Las Vegas with some 30,000 attendees (inc government agents, recruiting)

it happens to everyone.
below is the truth

Quote from: originalcinemaposters on May 21, 2014, 04:44:15 PM

I have worked in IT for many major companies and everyone gets hacked.
the only secure computer is one in a locked room with no network connections....

jpicken · « **Reply #13 on:** May 21, 2014, 06:45:06 PM »

I am disappointed that I found out about it on this forum. eBay should have a note on their front page, and they should make an attempt to notify customers via email. They can send me emails all day about when my favorite sellers add an item to eBay, but they don't notify the members affected of a potential breach?

Dread_Pirate_Mel · « **Reply #14 on:** May 21, 2014, 06:55:02 PM »

Several class actions will be filed tomorrow, rest assured. Target has been crushed by similar class actions.

jedgerley · « **Reply #15 on:** May 21, 2014, 06:55:27 PM »

Most companies don't even tell you for fear of share prices falling or worse they don't even know. Even small local family owned banks get thousands of various degrees of attacks and attempted data theft every day.

"The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today."

Front page
http://blog.ebay.com/

And
http://blog.ebay.com/ebay-inc-ask-ebay-users-change-passwords/

MoviePosterBid.com · « **Reply #16 on:** May 21, 2014, 07:05:37 PM »

Quote from: jpicken on May 21, 2014, 06:45:06 PM

I am disappointed that I found out about it on this forum. eBay should have a note on their front page, and they should make an attempt to notify customers via email. They can send me emails all day about when my favorite sellers add an item to eBay, but they don't notify the members affected of a potential breach?

I'm guessing that you do not read news.

pratschm · « **Reply #17 on:** May 21, 2014, 10:34:40 PM »

Ebay accounts themselves are probably safe. The passwords were hashed and salted (ie, very difficult to decrypt) so that might explain why there is no notice on the site itself about changing passwords. However, given all the other data stolen, there should definitely be emails, notices, etc. I give that another couple days, once the media has informed everyone first. I also found out about this from the forum (and I do read the news, or at least I thought I did) and changed my password just to be safe (just in case they remember that they didn't hash and salt the passwords).

Paypal was supposedly not hacked (in this session), but oddly enough I received a letter yesterday informing me that someone tried to open a 'Bill Me Later' account in my name. Stupid hackers.

paul waines · « **Reply #18 on:** May 23, 2014, 01:54:25 PM »

Ebay have now sent an email asking me to change my pass-word......Bit late there then.

erik1925 · « **Reply #19 on:** May 23, 2014, 02:02:30 PM »

And the password change reminder is on their home page, too, when you sign in... it's been there the last couple of days.

pratschm · « **Reply #20 on:** May 24, 2014, 04:15:03 PM »

I find it funny and interesting that they make no mention at all about all the other user information that was compromised (at least not in the message on the website):

"On Wednesday, we announced that we are asking all eBay users to change their password. This is because of a cyberattack that compromised our eBay user database, which contained your encrypted password."

oldposterho · « **Reply #21 on:** May 24, 2014, 04:25:04 PM »

They forced me to change today when I was trying to log in. I guess since I've had the same one since 1999 it was about time anyway.

Mirosae · « **Reply #22 on:** May 24, 2014, 04:55:10 PM »

I think that this is outrageous. Any other business will be in trouble. It seems that ebay ca get away with murder.

Bruce · « **Reply #23 on:** May 25, 2014, 07:44:23 AM »

Maybe they CAN'T "get away with murder"!

"eBay came under renewed pressure today over a massive cyber attack as three US states began investigating the e-commerce company's security practices.
New York Attorney General Eric Schneiderman requested eBay provide free credit monitoring for everyone affected, according to a person familiar with the matter."

See the full article here:
http://www.itnews.com.au/News/386257%2cus-states-to-investigate-ebay-security-practices.aspx

CSM · « **Reply #24 on:** May 25, 2014, 12:54:44 PM »

No doubt listing and Paypal fees will now be increasing

News:

Author Topic: MAJOR hack of eBay accounts (Read 7311 times)

Bruce

Bruce

Bruce

Dread_Pirate_Mel

Mirosae

Bruce