Further information on the eBay cyberattack and your eBay password
Earlier today, eBay announced it had been the victim of a cyberattack where some encrypted non-fiancial information had been put at risk.
As a precaution eBay also announced that all users should change their passwords.
eBay have published a great deal more information about the cyberattack since then including more detailed info on what to do about it, some frequently asked questions and specific information for sellers.
There are a few things that leap out. Firstly, the cyberattack occurred maybe as long ago as February, which is quite astonishing. Have they been sitting on it since then or have they only just twigged? Either explanation is far from ideal
Next, the PayPal systems were not compromised but that is not necessarily that comforting because I bet that plenty of eBay users use the same passwords on both eBay and PayPal and likely other sites.
Third, eBay is going to force everyone to change their passwords and that’s going to cause some disruption. eBay has put together some specific info for sellers to address the concerns there. See below.
But the the issue at stake is confidence and a lot of that depends on how much you trust eBay. Personally, I take them at their word on this one and at least salute the fact they have gone public despite the possible flak. But this is going to scare some people away, probably buyers.
Even if it was possible to sweep it under the carpet, which I suspect it wasn’t, tackling the issue head-on and proactively is the decent thing to do.
Doubless the tech community will debate what’s what and why extensively but in the meantime it’s an opportunity to reasses your password practices for the better. And that’s no bad thing.
eBay say that they discovered the hack ‘earlier in May’.
Sadly that begs 2 questions:
1) why did it go undiscovered for so long?
2) why were users not informed before now?
eBay state a list of compromised data that ‘included’, what other data was compromised that they do not list?
Whilst I can change my password I cannot change my name, my address, my date of birth. I see that email address is also on the list it might just be a good idea to change that.
Confidence is everything, if there is more to reveal best to hear about it now than in drips.
Regarding the enforced change of passwords – does anyone know if this will apply to those who have already changed them since the problem was revealed (in the past few hours in fact) – or just to those who haven’t?
Ebay is Beyond a joke. Programming is a joke and the search does not work properly. The whole site is a shambles.
And yes …you must reset password again cause everything they do is never done properly or efficiently.
just had a page up asking me to change password….now its letting me in. without changing password for second time.
And the header for messages sent through eBay will need to be rethought won’t it?
After all this includes a part of the compromised data:
‘eBay sent this message to [names] (used ID).
Your registered name is included to show this message originated from eBay’
Simply no longer holds good!
I have been asked to change my password when I try an log into my eBay account. However, probably due to increased traffic, the screen asks me to comeback later and doesn’t allow me to change my password. I can see ‘item not received cases’ being opened by customers and so defect scores will be sky high! Will we receive a partial refund on our eBay fees for loss of trade and will defects be pardoned/not counted?
Well…just reset my password. I go through the motions only to be told that I have now chosen a previously-used password (not true), so I tweak it and try again. I am then told that my session has timed out and need to start again.
So, I ask ebay to send an email with the link to change my password. An email arrives ‘This is a courtesy message to let you know that your eBay password has been successfully changed. No response is needed.’
The ‘previously-used’ password works and no email has arrived to change it.
Surprised? Me neither, but when you rely on ebay for your living it’s very, very worrying indeed.
click on the change password send an email link,no email comes
orders still comin g in cannot revise any items end any items etc this is going to create chaos
cannot get on my account ebay is a joke