Your Ebay password

[Flynnwood]

In case you haven't seen the news, change your ebay password.

http://www.bbc.co.uk/news/technology-27503290

"The database ... included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth," it said.

 

[doorframe]

Done. Thanks for the nod.

 

[John15]

Many thanks for the reminder Flynn. I've have just this minute changed mine. Apparently 80% of people use the same password for all their logins which is worrying.
Regards,
John

 

[MMUK]

Pity it took them 3 months to tell everybody after they found out!

 

[tomatwark]

I changed mine as well yesterday, it now seems they are going to set something up that makes everyone change theirs again when they log in, only they are not sure when this will be.

Also it now seems as well as your password your address, phone number and D.O.B has also been stolen ( I missed this when I read the article yesterday)

This company are a bunch of muppets and the directors should be locked up for assisting cyber crime.

I wonder if the HMRC are trying to buy the info so they can track down sellers who are not declaring income for tax and vat.

 

[MIGNAL]

According to one security expert on the radio this sort of thing is very commonplace. It's just that Ebay have owned up to it. She stated that many other companies simply don't release the fact that they've been breached.

 

[Rhossydd]

Pity it took them 3 months to tell everybody after they found out!

Wrong. Have you read the report on what happened ? http://www.bbc.co.uk/news/technology-27503290

It says;
"attackers accessed the information after obtaining "a small number of employee log-in credentials", allowing them to access its systems - something it only became aware of a fortnight ago." and then "Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today"

So a potential data breach discovered two weeks ago, NOT THREE MONTHS, that needed forensic analysis to find out if anything had been compromised.

From the facts it looks like eBay reacted pretty quickly.

 

[MMUK]

Pity it took them 3 months to tell everybody after they found out!

Wrong. Have you read the report on what happened ? http://www.bbc.co.uk/news/technology-27503290

It says;
"attackers accessed the information after obtaining "a small number of employee log-in credentials", allowing them to access its systems - something it only became aware of a fortnight ago." and then "Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today"

So a potential data breach discovered two weeks ago, NOT THREE MONTHS, that needed forensic analysis to find out if anything had been compromised.

From the facts it looks like eBay reacted pretty quickly.

You honestly believe that? :roll:

 

[devonwoody]

I have not done any business with ebay/paypal for over 12 months, my credit card got hit 6 times one day when I used ebay last and so did my neighbour who was also at ebay the same day.


So until they allow payments to be made with a card over the telephone I do not do business with them.

 

[Baldhead]

According to one security expert on the radio this sort of thing is very commonplace. It's just that Ebay have owned up to it. She stated that many other companies simply don't release the fact that they've been breached.

When I worked for the county council we had to change our password every 3 months, perhaps hacking is more common than we believe it to be!

Baldhead

 

[Rhossydd]

You honestly believe that? :roll:

Yes. It's in their own best interests to give full and rapid disclosure of all details, because they know if they lie they'll be found out and then they loose all trust. For a company so closely tied to financial dealing a major breach of trust have a very serious effect on their profits.

 

[Rhossydd]

When I worked for the county council we had to change our password every 3 months

The BBC need user passwords to be changed every month. Secure, up to a point, but a complete pain for users.
Commercial operations have to tread a careful balancing act between insisting on good safe passwording protocols and convenience for end users.

 

[MMUK]

You honestly believe that? :roll:

Yes. It's in their own best interests to give full and rapid disclosure of all details, because they know if they lie they'll be found out and then they loose all trust. For a company so closely tied to financial dealing a major breach of trust have a very serious effect on their profits.

In that case, please explain why they are under investigatin over it.....

http://www.bbc.co.uk/news/technology-27539799

 

[Rhossydd]

In that case, please explain why they are under investigatin over it.....

They are being investigated about the data theft and how it occurred, NOT if they were slow in advising customers that a theft had happened.

 

[graduate_owner]

Well I for one have taken their advice and changed my password. I've changed it to 'new-cybercrimes-top'. I bet no one will guess that so I should be pretty secure now.

K