eBay tells users to change passwords after 'cyber attack'

http://www.telegraph.co.uk/technolo...s-to-change-passwords-after-cyber-attack.html

 

they took down the message.

*apparently*, it was an error.

http://ca.reuters.com/article/technologyNews/idCABREA4K0B420140521

 

I just changed it anyway.
I figure there is incompetence somewhere in the mix (either in the password compromise or the incorrect announcement), and that's enough incentive for me to make the change.
Plus, I'm all set when they reverse their decision again and go back to advising a change.

 

It is still here:

https://info.ebayinc.com/
http://blog.ebay.com/ebay-inc-ask-ebay-users-change-passwords/

 

Those notices should be prominently displayed on eBay home page as well as the login page.
Anything less is not serving their community.

 

No email or other notification as of yet. I changed it. Thanks for the heads up. Reading the notice, physical address, email , phone # and DOB could have been taken as well.

 

Why is eBay burying news of its security breach from its users?

 

Changing your password shows more incompetence. I generated a complex long password with special characters, underscore, high ANSI characters etc, and the strength meter said it was only Medium. It also didn't accept spaces.(even though I disabled spaces, it still said that. An underscore is not a space Ebay!)
After dumbing it down a few times it finally accepted my password, but when I tried to log in I was told it was not correct. I had to reset my password again a few times until it was finally dumbed down enough to be accepted by the login screen as well..
Btw, this WAY simpler password did earn a Strong rating from the strength meter :S

 

http://www.cbc.ca/news/business/ebay-cyberattack-hit-large-part-of-145-million-users-1.2650676

I changed my Ebay password just now.
I could not copy and paste into the fields using either IE11 or Chrome so I had to simplify the password a little so as not to make a mistake.

 

Do not tell me, that they have started using that stupid policy from paypal, so people could not make a strong password.

 

It could be for other reasons than to prevent people from making strong passwords.
maybe security reasons, I don't know.

but I found that inconvenient.
especially when you try to enter a 16 characters passwords that looks like some extra-terrestrial language.

 

I changed mine yesterday. 20 characters, using Chrome, and was able to C&P.
I was surprised, because usually they want manual entry.

 

I know, I was being sarcastic. They want to prevent people to copy/paste passwords, but it will only force people to make weak passwords.
It took me about 10 min to change password on paypal, I had to practice typing it into notepad to be finally able to type it properly.

 

EBAY... You keep using that word 'ENCRYPTION' – it does not mean what you think it means

http://www.theregister.co.uk/2014/05/22/ebay_password_encryption/

 

Exclusive: EBay initially believed user data safe after discovering breach | Reuters

 

This is another reason why I like KeePass. Its auto-type function will work for forms that won't allow copying and pasting.

 

I have not thought about that. Next time, I will try to use Keepass to create a password. I will put the password to login as well and it will probable autotype it.

 

very good idea!

I uninstalled it lately and started using copy and paste from an encrypted text file but i'm gonna re-install it right now because of this.
I still have my keypass database saved on a drive so it's a no-brainer.

 

They finally got around to putting a notification on the home page... and Devin Wenig, President, eBay Marketplaces has sent emails to all users regarding the need to change passwords.

Of course the email contained the requisite apology, along with a hollow pledge describing how committed they are to ensuring a safe and secure online experience for us all.

 

If you use Lastpass you can make the password as strong as you want and as strong as ebay or whatever site allows it to be. Only one master password needs to be remembered.

 

The eBay breach explained

http://www.scmagazine.com/the-ebay-breach-explained/article/360998/1/