eBay Hacked, Bleeds Data And Why You Need To Act

[James C]

eBay Hacked, Bleeds Data And Why You Need To Act

http://www.forbes.com/sites/jameslyne/2 ... ed-to-act/

eBay Inc has in the last few hours have confirmed in an announcement that they have been compromised and that users will need to take action to protect themselves. The compromise, which took place sometime between late February and early March allowed the attackers access to customers names, e-mail addresses, encrypted passwords, e-mail addresses, postal addresses, phone numbers and date of births. In other words sufficient data to potentially cause havoc on your online and offline life .

When LinkedIn lost >5M password hashes over 60% of them were broken within two days of the breach . In my role as a security researcher and tester I’ve often fired up cracking tools and a single laptop to hunt password hashes (with permission and I should add with great success) but imagine what the cyber criminals can achieve with their substantial botnets (large networks of computers running remote control code that can be tasked with anything the cyber criminal wants) and the benefit of time on their side. For every moment that you do not change your password you are racing the vast computing power of a criminal gang and time itself. In short, it is undoubtedly best to assume that your password has been compromised, to check over your account for any strange signs and then change your password as quickly as possible

[Ted Dog]

stopped using them in 1999 when my paypay acct was emptied by insider robbery they only had to confess years later and began to return a percentage of the losses but found ways to never actually RETURN stolen funds.
I have warned others here of this and expect its worse than they are saying. Change password and your credit card Info used. They do not handle hacks or your data as well as you hope...

[bark_bark_bark]

The problem is that too many people have passwords like "123456" or "password". I would not be suprised to see if 90% of those users had dumb passwords like that.

[ThoriumBlvd]

Its much more likely a dictionary-consult would account for 90% of passwords.

[Barkin]

Here's part of the message I just got from eBay ...

Important - eBay Password Reset Required

Here's what we know: This attack occurred between late February and early March and resulted in unauthorized access to a database of eBay users that includes customers' name, encrypted password, email address, physical address, phone number and date of birth.

BTW if you can get eBay to rate your new password as better than "medium" secure , you're a better man than I :

I used all 20 characters permitted , at least 2 uppercase , 2 lowercase , 2 numbers , 2 special symbols,
but that password was only rated as "medium" secure by ebay. :¬(

[nitehawk]

I stopped using Ebay several years ago....due to it's involvement and total use of Paypally. I just never trusted PP in the first place, even though I had used them for a good while. But back then, Ebay accepted other forms of payment other than PP. Then it became the ONLY way to pay. No thanks. I rather go to Amazon, or to the web sites themselves. I worry about my daughter using M$windows to always shop at Ebay. Scary.

[cthisbear]

Interesting take on Passwords.

" This is a post to share two stupid password tricks that will make your
online life a little more secure without the (perceived) hassle of those
other measures."

http://www.smh.com.au/digital-life/cons ... zrnz0.html

:::::::::::

And I agree totally with >> comments from nitehawk.

Plus funds raised for different Freedom groups etc...were frozen

Chris

[bark_bark_bark]

I don't have an ebay account, and yet i got an email telling me to change the password. I ignored it.