eBay passwords security risk after cyberattack – eBay say “Change your passwords”
eBay released this statement a few minutes ago and we publish it verbatim. We’ll give you more when we know it.
eBay Inc. To Ask eBay Users To Change Passwords
eBay Inc. said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.
Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.
Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.
Disgusted with ebay. Data security clearly has an extremely low priority. This spells doom as buyers will stop using the site. This happened in March according to the news and we are only told now! Do we trust what ebay say?
I don’t trust anything eBay say these days.
I can’t believe they are only telling us now!
yeah that was only a routing cable dns data link thingy problem the other evening?
Cyber attack? Or a clever but rather desperate attempt to get millions of users flocking back to the site?!
That was my first thought…my second was why on earth do I continue dealing with a company I have so little faith in that I’d suspect them of this as not so clever marketing?! Don’t doubt it happened, just question why it took so long & if an announcement (that apparently went straight to the press ahead of users) was really necessary?!
If this occurred at the time of the Heartbleed security breach when eBay advised the world that their systems were secure and at no risk then I suspect they will now be in some trouble.
If it was something else then there remain many questions. Start here …….. http://countermeasures.trendmicro.eu/oy-vey-ebay-five-questions-for-you
Their lethargic discovery/communication is worrisome.
What use will changing passwords do now? They say that these were encrypted, so there shouldn’t be a problem.
What was not encrypted was everyone’s personal data – name, address, DOB etc etc.
Why wasn’t that encrypted?
I’m not expecting an answer from ebay, I’m not that naive! It’s just another example of how bad the company has become.
Ebay has a major slump in the Google rankings and now this publicity about a February atack? Could there be a link? A desperate attempt to boost sales before the giant “11Main.com” arrive?
Today I have been having a browse on ebay. Has anybody noticed just how few new listings there are on ebay. Most of the categories that I looked at seem to have less listings than a few weeks ago.
Usually the numbers of new listings is about equal to the number of listings that are ending. So the numbers in each category remain fairly constant. But recently listing fees for Private Sellers went us to an extortionate 35p and it does look as if many are being put off. After all 35p is a significant listing fee on low value items. So anybody listing items under £1 it just is not worth bothering with. Even between £1 and £5 it probably not worth bothering with.
I would suiggest that many go on ebay browsing and they look at 99p items and work their way up the values. They may browse on Private Sellers but they will continue onto the Trade Sellers If the effective minimum cost rises to £5 it is likely that they will not bother.
So in the long term ebay will become less and less attractive and fewer people with bother to browse on ebay and of course less will buy. But perhaps that is what evay want. The trouble will be that our sales will drop.
The BBC has been carrying the story. But has anybody noticed that the Logo that the BBC is using in the story is the old, long replaced, ‘dancing’ ebay logo. So yet again the BBC shows how up to date and informed that it is.
It really is time that the BBC is Privatised and the massive taxatioon that funds its excess is ended.
A while ago Noel Edmonds announced that he had put together a scheme to take over the BBC. Perhaps now is the time to take him up on it. After all no matter how bad Noel Edmonds and his consortium was it would be vastly better than the BBC as currently constituted.
just reset my browser – tryied to log back into ebay to finish orders –
cant get in tgo change the bloody password, cant contact CS as it ask me to log in…FARCE !
Page not available
Ebay is asking its users to reset their passwords due to the unauthorized access to our corporate information network. This may result in a delay of service due to the high traffic volume. We ask for your patience and that you return to eBay soon. In the meantime, please be assured that no activity can occur on your account until your password is reset.
You may also visit Customer Service
Message for Johnny. I spent 2 hours yesterday having the same problem. Ebay could not understand why this was happening. but after such a long tedious slog changing my 9 passwords I noticed that the problem you mention occurs when you have a password over 20 characters long. Because eBay now no longer allow more than 20 characters you can’t change your password using your current password because eBay’s system will not accept your current password as a valid password. This is one almighty cock up of their behalf and to find out at a time when everyone is trying to change their passwords is unforgivable. It’s an incredibly stupid error for such a massive company to miss out. The other problem is trying to get a STRONG password. I used 5 random numbers 5 random upper & lower case letters & 5 numbers & could only get a medium password. After phoning eBay I was told to just use a medium password but I insisted that this was not acceptable. I did not want to spend time changing 9 passwords if they were only going to be medium. After repeating myself at least 5 times insisting I wanted a strong password I was eventually told to make sure I used one symbol at the start then a number & at least one upper & one lower case letter. It worked fine then. I now have a strong password that only has 7 characters instead of 24. On the change password page it says to use at least 2 of the following…one upper one lower case letter, numbers or characters when in reality you only get a strong password if you use all 4 options & start with a character. I think that wasting peoples time should be a crime. I’m 52 now & sick to death of having my time wasted by careless idiots. Wasting people’s time should be treated as a crime! In this case it is unforgivable.
How many Low DSRs does this deserve.
eBay now is a ‘Below standard seller’
item as described *
Neg: Seller made alot of promises and did not deliver. The item is not as described.
I agree this is inconvenient but its not like only google have been affected. Hundreds of companies throughout the world have been hit with various attacks recently and eBay have made it very clear that we should change passwords which takes maybe 30 seconds. Paypal is not affected which you could argue would be the most important thing.
The one slightly worrying thing from the other post is there is a very very clear decrease in eBay presence on google right now. That is extremely bad news especially with a potentially wet bank holiday weekend on the way.
I don’t agree Craig. Ebay have not made it clear. When I logged on this morning where was the interim page advising a password change? Not there.
If you had your TV/radio off yesterday, and logged on this morning you would know nothing about it. I find that unbelievable. The only way you would know is if you made a practice of checking ebay announcements on My Messages before you did anything else in the morning.
Frankly that is rubbish performance by ebay.
On the Google issue mentioned sales have been down about 20% since Christmas, and I haven’t seen sales levels this low in May for about 6 years. I’ve checked my search results on ebay and the only thing I can discover is that as usual Cassani doesn’t work properly. I am outranked by foreign companies with slower delivery, worse feedback, no 1 day handling, no TRS, no premium service, higher prices, in fact nothing better than me, except perhaps they listed the item earlier so get most impressions, so are higher. Really, what kind of best match is that?
As a previous writer said, ebay would have negative feedback right now with INAD cases galore, in fact so many I suspect they would be thrown off their own platform.
I would go so far as to say that if ebay were a member of the my sales team, they would have been dismissed by now for underperformance!
strange going’s on – as advised, changed my passwords last night on my desktop. Go on laptop today and i could still get onto my ebay accounts with old stored passwords, why is that?
WAY TO GO EBAY! here is what happened when I went through the Change Password process :
BIG RED BANNER
Sorry. We’re currently experiencing technical difficulties and are unable to complete the process at this time
And followed by an e-mail :
This is a courtesy message to let you know that your eBay password has been successfully changed. No response is needed.
eBay Trust Team
Have they a clue what is going on?
IF YOU ARE CHANGING A LONG EBAY PASSWORD I CAN SAVE YOU A BIG HEADACHE.
I spent 2 hours yesterday trying to change my eBay passwords & learned a lot at my own expense. The eBay rep I spoke to could not understand why the system was rejecting my current password but after such a long tedious slog changing my 9 passwords I eventually figured out myself that the problem occurs if you have a password over 20 characters long. Because eBay now no longer allow more than 20 characters you can’t change your password using your current password because eBay’s system will not accept your current password as a valid password. This is one almighty cock up of their behalf and to find out at a time when everyone is trying to change their passwords is unforgivable. It’s an incredibly stupid error for such a massive company to miss out. You have to use the I forgot my password link even though you have your password. The other problem I encountered was trying to get a STRONG password. I used 5 random numbers 5 random upper & lower case letters & 5 numbers & could only get a medium password. After phoning eBay again I was told to just use a medium password but I insisted that this was not acceptable. I did not want to spend time changing 9 passwords if they were only going to be medium. After repeating myself at least 5 times insisting I wanted a strong password I was eventually told to make sure I used one symbol at the start then a number & at least one upper & one lower case letter. It worked fine then. I now have a strong password that only has 7 characters instead of 24. On the change password page it says to use at least 2 of the following…one upper one lower case letter, numbers or characters when in reality you only get a strong password if you use all 4 options & start with a character.
in eBays published Q&A statement they mention that “The attack resulted in unauthorized access to a database of eBay users that included: name, address,…… ” etc. The word that worries is “INCLUDED”, what else was lost? Did they for example give away our Security Questions and Answers, or our historic passwords (which they seem to store ad infinitum), previous addresses, sales/purchase history or links to same, etc.
I am surprised that nobody has quoted ebay in regard to the latest ebay cock-up. Whenever I look at ebay there is a flashing box and one of the items that flashes in it is:- ‘Selling on ebay is full of Good Surprises’. It was originally to do with the ending of 100 Free 99p and under items per month and its replacement with 35p massive listing fees and just a nominal 20 free listings per month. But it is no doubt appropriate for everything else including having to change passwords etc.
We just took a call here from someone asking us to complete a transaction off eBay. Not uncommon and we normally direct them back to the site to complete the transaction there.
But this lady told us that she was really concerned to buy from us on eBay because she’d heard about the security flaws and was worried about it.
We tried to reassure her that it was safe to buy on eBay and pay with Paypal but she wasn’t to be persuaded.
if you were worried about every thing that could happen or might happen you would never cross the road or get out of bed
were just getting on with selling, nothing really bad has happened to any individual thats known of because of this,
its all mostly paranoia
Totally agree with you – it’s all paranoia. Unfortunately eBay are being very quiet as far as talking directly to their buyers (and sellers) goes.
We need them to get active with positive reassurance to buyers encouraging them to spend their money and assuring them that eBay is a safe place to be.
Usually the users with the access level necessary to have ready access to this data are pretty tech savvy.
They aren’t the sort to fall for phishing email tricks and similar scams. They aren’t the sort to use ‘password’ as their system access password.
There are several well documented similar cases where such a breach has been a deliberate act by an employee. Said employee could then ‘blame’ a phishing attack or similar to try to avoid taking the rap for her / his crime.
My guess is that we will never know the truth of what really happened here.
Honestly, ebay is becoming more stupid by the day.
They want the perfect selling platform and act like nothing should ever go wrong when selling. Penalize every single little mistake, even if it wasn’t, that way the Sellers will tow the line and Buyers will come back to shop.
ebay made a massive mistake and kept it quiet for two months !! really really disgusting.
eBay are a greed based company and deserve all the flack that they attract. They are expensive and charge 10% on the shipping costs for doing nothing at all. Integrity is not a word that you can associate with eBay and if you are a seller they will refund funds straight from your bank account on the say so of a disgruntled buyer without bothering to check the facts or details at all. As a member of eBay you are always in the wrong because they, eBay are so up their own backsides.
its frustrating that despite the growth of e-tailing and the benefits to the ultimate consumer in lower prices and wider choice – the same hasn’t been true at the ‘service provider’ level
when we see price competition break out we may have an indication of a ‘mature’ (lower growth rate) market
this has occurred in parcel distribution – service quality and prices are far better than they were several years ago – and the market (according to royal mail) is rather flat
While I agree that 2 -3 months before announcing this is unacceptable, Ebay are in a damned if you do, damned if you don’t position
A “hi guys we got hacked last night” mail the day after the event probably wouldn’t have gone down all that well either.
Nothing is 100% safe, if someone made it, someone else can always take it apart.