"eBay has reset everyone's passwords as a precaution"
I just logged in with my original password and it didn't ask me to change it.
eBay has told people to change their passwords for the online tat bazaar after its customer database was compromised. Names, dates of birth, phone numbers, physical addresses, email addresses, and "encrypted" passwords, were copied from servers by attackers, we're told. Credit card numbers and other financial records were not …
"Also, the claim that eBay has notified users is false as well."
No it's not, because *I* was notified.
So it just seems they haven't notified ALL users.
However, it wasn't well communicated. I received a missive informing me that MY account had been hacked. Rather than fessing up and saying WE have been hacked.
So...where's the class action suit for failure of data protection...?
I jumped the gun in the edit - eBay actually said: "eBay users will be notified via email, site communications and other marketing channels to change their password."
So you'll have to do it yourself. If you spot something wrong in an article, drop us a line to corrections@thereg so we can fix stuff straight away.
You may disapprove, downvoter, but the fact remains that the attempt to link my ebay and paypal accounts so I could pay for stuff without the inconvenience of logging into paypal occurred on the 13th. That is right in the middle of the time between discovering the hack and disclosing it. Also refusing locked my account somehow and I couldn't buy useless shit for two days after the refusal.
I am somewhat concerned that my personal information is now released into the wild by sloppy security. Can we sue ebay when someone assumes my identity (yes, half a joke because that's not the UK way - but it is a serious issue which Ebay seem to have minimised)?
And, yes, I logged into the .com site and it did not ask me to change my password.
Lucky for me I rarely use my real date of birth for any online site. (Often not even my real physical address, just one I can collect deliveries from).
Sure, it makes things much more interesting when asked security questions and also breaks the site terms, but it also makes my information much harder to steal.
Although, my actual credit score is terrible because of this practice (& that I spend beyond my means).
I always thought there was some sort of data protection law in force. Wonder what the penalties are.
eg Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data
Probably never been ratified because it's 'foreign'.
Yes, that would be my only concern. Not sure if I have an account with them. If I do it is more than 10 years old and I haven't used it since I created it. Not sure I'd recall what the password is if I tried. Pretty sure it was attached to an ISP email account that I couldn't get a password reset on because of merger magic. So at least as far as I'm concerned the only thing there they could steal is my identity.
Here we go again. Shoddy security and poorly trained staff coupled with plaintext details stored on an (apparently) easy to access back end.....
Companies like this should have the arse fined off them to demonstrate that it's not acceptable in this day and age...
At least in my case they have no genuine details but that is only by good sense on my part.
Still, no emails asking me to change my false details for more false ones and no word on the level of encryption used. These days, your personal details are worth more than financial ones...
"Yes, they do, to the registered address on my PAYPAL account!!!!!
Not to the false one listed on my ebay account!!!!!"
Do you realise that Paypal and Ebay are the same company? If Paypal have your address, then so do Ebay.
Nice use of exclamation marks - you seriously wanted to exclaim that post.
Do you realise that the details are stored on totally separated systems and Paypal have publicly stated that none of the details on THEIR servers have been affected?!?
Nice display of utter ignorance there. No wonder you decided to post anonymously...
"Do you realise that the details are stored on totally separated systems and Paypal have publicly stated that none of the details on THEIR servers have been affected?!?"
Right, so you are a psychic who predicted it would be ebay that would be hacked and not paypal. You hadn't mentioned your special abilities before, impressive.
Good god, the thickness is strong in a lot of folks today.
This is my fake ebay address.
01 DO NOT USE THIS
USE THE PAYPAL ONE
Anyone who thinks that that is a real address is about as much of a numbnuts as the commen(re)tards who downvoted my post without first actually thinking about it.
Also sounds like they don't know the difference between hashing and encrypting - most sites hash passwords (with a salt), so they cannot be "unencrypted". I would assume, if they are storing the important personal information in plain text, that they aren't encrypting the passwords, but simply hashing them - if the rest of the fiasco is anything to go by, probably MD5 with no salt. :-P
And for your next challenge, try finding the 'Change Password' link on PayPal's site.
I ended up using the help system in the end, only to find that their help system was offline.
(it's in My Account > Profile > My Details).
Also, why do both PayPal and eBay have a 20 character limit on passwords?
I just found this with ebay's password reset functionality. Ridiculous. To make it worse the form requires JS to work (great design there), so can't disable it to allow the pasting.
In the end I had to use Firebug to edit the input's value to paste in my actually secure password rather than just using my cat's name. It's like they want people to use rubbish passwords!