eBay tells users to change passwords after 'cyber attack'

Discussion in 'other security issues & news' started by SweX, May 21, 2014.

Thread Status:
Not open for further replies.
  1. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    http://www.telegraph.co.uk/technolo...s-to-change-passwords-after-cyber-attack.html
     
  2. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    I just changed it anyway.
    I figure there is incompetence somewhere in the mix (either in the password compromise or the incorrect announcement), and that's enough incentive for me to make the change.
    Plus, I'm all set when they reverse their decision again and go back to advising a change.
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Those notices should be prominently displayed on eBay home page as well as the login page.
    Anything less is not serving their community. :thumbd:
     
  6. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    No email or other notification as of yet. I changed it. Thanks for the heads up. Reading the notice, physical address, email , phone # and DOB could have been taken as well.
     
    Last edited: May 21, 2014
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,779
    Location:
    Texas
    http://blogs.wsj.com/digits/2014/05/21/if-ebay-was-breached-what-about-paypal
     
  8. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  9. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Changing your password shows more incompetence. I generated a complex long password with special characters, underscore, high ANSI characters etc, and the strength meter said it was only Medium. It also didn't accept spaces.(even though I disabled spaces, it still said that. An underscore is not a space Ebay!)
    After dumbing it down a few times it finally accepted my password, but when I tried to log in I was told it was not correct. I had to reset my password again a few times until it was finally dumbed down enough to be accepted by the login screen as well..
    Btw, this WAY simpler password did earn a Strong rating from the strength meter :S
     
  10. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    http://www.cbc.ca/news/business/ebay-cyberattack-hit-large-part-of-145-million-users-1.2650676

    I changed my Ebay password just now.
    I could not copy and paste into the fields using either IE11 or Chrome so I had to simplify the password a little so as not to make a mistake.
     
  11. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Do not tell me, that they have started using that stupid policy from paypal, so people could not make a strong password. :sick:
     
  12. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    It could be for other reasons than to prevent people from making strong passwords.
    maybe security reasons, I don't know.

    but I found that inconvenient.
    especially when you try to enter a 16 characters passwords that looks like some extra-terrestrial language. ;)
     
  13. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    I changed mine yesterday. 20 characters, using Chrome, and was able to C&P.
    I was surprised, because usually they want manual entry.
     
  14. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    I know, I was being sarcastic. They want to prevent people to copy/paste passwords, but it will only force people to make weak passwords.
    It took me about 10 min to change password on paypal, I had to practice typing it into notepad to be finally able to type it properly. :mad:
     

    Attached Files:

  15. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    EBAY... You keep using that word 'ENCRYPTION' – it does not mean what you think it means
    http://www.theregister.co.uk/2014/05/22/ebay_password_encryption/
     
  16. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    Exclusive: EBay initially believed user data safe after discovering breach | Reuters
     
  17. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    upload_2014-5-23_17-46-42.png
     

    Attached Files:

  18. SirDrexl

    SirDrexl Registered Member

    Joined:
    Apr 14, 2012
    Posts:
    545
    Location:
    USA
  19. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    I have not thought about that. Next time, I will try to use Keepass to create a password. I will put the password to login as well and it will probable autotype it.
     
  20. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    very good idea! :thumb:

    I uninstalled it lately and started using copy and paste from an encrypted text file but i'm gonna re-install it right now because of this.
    I still have my keypass database saved on a drive so it's a no-brainer.
     
  21. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    They finally got around to putting a notification on the home page... and Devin Wenig, President, eBay Marketplaces has sent emails to all users regarding the need to change passwords.
    Of course the email contained the requisite apology, along with a hollow pledge describing how committed they are to ensuring a safe and secure online experience for us all. :rolleyes:
     
  22. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    If you use Lastpass you can make the password as strong as you want and as strong as ebay or whatever site allows it to be. Only one master password needs to be remembered.
     
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,078
    The eBay breach explained
    http://www.scmagazine.com/the-ebay-breach-explained/article/360998/1/
     
Loading...
Thread Status:
Not open for further replies.