eBay comment on OpenSSL/Heartbleed bug
eBay have issued this statement on the OpenSSL problem which many are referring to as the Heratbleed Bug. This is the comment in full:
A Message Regarding OpenSSL- “Heartbleed Bug”
There has been a lot of discussion recently in regard to a security vulnerability in a version of OpenSSL, commonly known as the “Heartbleed Bug.”
We take the responsibility of keeping your personal information details protected very seriously at eBay.
We would like to assure you that with regards to the Heartbleed bug:
1) Your eBay account is secure
2) Your eBay account details were not exposed in the past and remain secure
3) You do not need to take any additional action to safeguard your information
4) There is no need to change your password
While we always advise our customers to be cautious and aware of the security of their personal information, in this case we want to reassure you there is no need to be unduly concerned. When you login to eBay using your user name and password these details were not exposed to the OpenSSL vulnerability.
Consumer safety is our top priority. As always, thank you for being a part of the eBay community.
I am not totally reassured.
What about if I log in with email address and password? email address is not mentioned.
What about if I (against general advice) use passwords across more than 1 site, 1 of which could have been compromised?
eBay might have been secure, other sites not so.
Anyone who has dealt with ebay for any length of time puts very little faith in ebay’s “reassurances”…
How long were you involved with eBay for Rich?
Jimbo, I started selling on eBay in January 1999 and amassed 4625 positives before I decided on my own to stop listing items there in April 2013 because I don’t like their fraudulent and illegal breaches of contract and unfair trade practices with small sellers.
You certainly put in a good shift. That’s longer than the average marriage!
Talking of Passwords. I recently changed my electricity provider. Part of the procedure for registering with the new provider was that I had to complete an on line form providing lots of assorted information. There was email address..No Problem. But the next line down was email password. I refused point blank to provide that information.
After all what the blazes would my electricity supplier want my email password for???
Anyway they would not accept the form without this information provided and it turned into a long drawn out row. I am now getting my electricity from them and they have not got my email password. Indeed I told them that had I supplied my email password my next move would have been to change it.
to be honest we wonder if these scares are sometimes manufactured or at least overstated, to increase anti virus software sales