Ebay Cyberattack

Mr Simpson

Seems like the most appropriate forum for this.

Sky are reporting that ebay are telling everyone to change their passwords. Apparently they have said they dont believe data has been compromised following a cyberattack, but best practice is for everyone to change passwords

http://news.sky.com/story/1266135/ebay-users-urged-to-change-their-passwords

Spocker

According to RTE "non-financial information was stolen"

http://www.rte.ie/news/2014/0521/618759-ebay/

Rossi IRL

If i only made an account last week, would i still have to change my password?

allthedoyles

I have checked emails , logged in to eBay as well , and cannot see any messages anywhere about this instruction

chasm

allthedoyles wrote: »

I have checked emails , logged in to eBay as well , and cannot see any messages anywhere about this instruction

Had to root for it too, It's at the bottom of the page under "announcements". I would have thought they would make it more noticeable tbh.

Greenmachine

Got an email, purporting to be from ebay. I was not sure if it was spam. Not sure how to proceed now.

allthedoyles

chasm wrote: »

Had to root for it too, It's at the bottom of the page under "announcements". I would have thought they would make it more noticeable tbh.

Thanks - I see it now - this is what they say :

As a precaution, we will be asking all eBay users (both buyers and sellers) to change their passwords later today

Mrs Garth Brooks

Got an email in the morning with someone in the US trying to hack into my gmail account and my account blocked until I answered some security questions.

I presume they hacked into my ebay account first and then tried with gmail.

Anyone get the same ?

Yamanoto

Still no communication from ebay on the matter, which is a little odd.

Going Forward

HardLuckWoman wrote: »

Got an email in the morning with someone in the US trying to hack into my gmail account and my account blocked until I answered some security questions.

I presume they hacked into my ebay account first and then tried with gmail.

Anyone get the same ?

I presume you've changed your ebay and gmail password by now.

They also have your name address phone number and DOB. Quite a bit.:mad:

Very poor how ebay is handling it and their security.

deise08

So what do we do? do we change passwords?

Mrs Garth Brooks

Going Forward wrote: »

I presume you've changed your ebay and gmail password by now.

They also have your name address phone number and DOB. Quite a bit.:mad:

Very poor how ebay is handling it and their security.

I didn't know about the ebay hacking until I read here.

All passwords have been changed.

And as an extra security mesure on gmail you can get them to send them a verication sms to your mobile with each computer you login to. They send you a password to your phone. Dead handy. No one else could possibly hack into my gmail account now.

What about paypal details with this ebay hacking?

Aren't they the same company after all ?

Mrs Garth Brooks

deise08 wrote: »

So what do we do? do we change passwords?

Yes.

allthedoyles

All your questions are answered at this eBay link :

http://www.ebayinc.com/in_the_news/story/faq-ebay-password-change

Rucking_Fetard

Rossi IRL wrote: »

If i only made an account last week, would i still have to change my password?

Nope, breach was months back. Though I still would for the sake of a few mins.

Greenmachine wrote: »

Got an email, purporting to be from ebay. I was not sure if it was spam. Not sure how to proceed now.

Yea, this is being really badly managed, people will see the news on the breach then see an e-mail, assume they're connected....ah.

Go Direct to the Bay and change it. Never follow links in E-mails.

Incidentially, that's how this breach occured....I think...Ebay said

"Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network."

I take that to mean Someone opened a dodgy mail or link. It's happening the whole time.

Yamanoto wrote: »

Still no communication from ebay on the matter, which is a little odd.

It's Pathetic is what it is. ASKING people to change Passwords like it's no big deal. They shouldn't let people on the site at all till they change Passwords. First screen you should see when on the Bay should be the Please enter whatever you're e-mail is so they can send the password change message to it.

Very bad.

deise08 wrote: »

So what do we do? do we change passwords?

Yep. Actually since the Heartbleed Bug, you should change ALL your passwords. It'd be no harm.

HardLuckWoman wrote: »

And as an extra security mesure on gmail you can get them to send them a verication sms to your mobile with each computer you login to. They send you a password to your phone. Dead handy. No one else could possibly hack into my gmail account now.

What about paypal details with this ebay hacking?

Aren't they the same company after all ?

Don't be so sure on the sms thing, have a look...

shubh.am/how-i-bypassed-2-factor-authentication-on-google-yahoo-linkedin-and-many-others/



No financial details were in the files breached but if using the same password!!! Change it.

I'd change it anyway.

meoklmrk91

Tbh I think Ebay are handling this pretty poorly, they should have a huge banner on the front page of their site telling a everyone to change their passwords. If people hadn't heard the news about the hack they may think that the email was nothung more than an attempt from someone to get their password!

I know that this isn't the place for this but we really need to figure out something that isn't as archaic and easy to hack as passwords, we have too much information about ourselves online now for this to be our only safeguard.

Rucking_Fetard

meoklmrk91 wrote: »

I know that this isn't the place for this but we really need to figure out something that isn't as archaic and easy to hack as passwords, we have too much information about ourselves online now for this to be our only safeguard.

Oh they's loads of stuff in the pipline about this, finger print readers, heartbeat monitors, iris scanners, a whole load of biometric stuff.

It'll probably all be just as breakable when it comes along though.

GarIT

Rucking_Fetard wrote: »

Oh they's loads of stuff in the pipline about this, finger print readers, heartbeat monitors, iris scanners, a whole load of biometric stuff.

It'll probably all be just as breakable when it comes along though.

I use randomly generated passwords, which is the exact same as any type of verification anywhere, everything you have mentioned generates a random number based on patterns, on your finger or in your eye etc, it can still be bypassed by just getting the number right.

meoklmrk91

GarIT wrote: »

I use randomly generated passwords, which is the exact same as any type of verification anywhere, everything you have mentioned generates a random number based on patterns, on your finger or in your eye etc, it can still be bypassed by just getting the number right.

Interesting stuff, thanks, must do some more research into this, surely though a fingerprint and a password would make it harder to bypass?

Rucking_Fetard

GarIT wrote: »

I use randomly generated passwords, which is the exact same as any type of verification anywhere, everything you have mentioned generates a random number based on patterns, on your finger or in your eye etc, it can still be bypassed by just getting the number right.

Yea, I must have a proper look at the next article I see (have only been skimming them) and see is their more to them than matching like an "eye profile" the site you are gonna use has saved on you.

Must be though, surly...blood flow or something.

I'll update.

GarIT

meoklmrk91 wrote: »

Interesting stuff, thanks, must do some more research into this, surely though a fingerprint and a password would make it harder to bypass?

Depending on how it's done it could be easier, one I had on an old laptop built up a 64 digit code based on 8 different points on your finger. One of the problems with it was that it allowed a tolerance so if your finger was mostly the same as before it would still generate the same code. The other problem was that you could brute force the password in theory by trying very generic fingerprints and varying them slightly.

The limitation to all these technologies is that digital information can only be stored in numerical form, any number is open to brute force. Numbers can be made difficult but not impossible to crack.

meoklmrk91

GarIT wrote: »

Depending on how it's done it could be easier, one I had on an old laptop built up a 64 digit code based on 8 different points on your finger. One of the problems with it was that it allowed a tolerance so if your finger was mostly the same as before it would still generate the same code. The other problem was that you could brute force the password in theory by trying very generic fingerprints and varying them slightly.

The limitation to all these technologies is that digital information can only be stored in numerical form, any number is open to brute force. Numbers can be made difficult but not impossible to crack.

Thanks for this, really interesting stuff, will be reading into it more, how companies secure our data and how we protect it is by far one of the biggest issues we are going to have going forward in the digital age.

beyondbelief67

Only got an email telling me to change my password yesterday !!!

Rucking_Fetard

GarIT wrote: »

Depending on how it's done it could be easier, one I had on an old laptop built up a 64 digit code based on 8 different points on your finger. One of the problems with it was that it allowed a tolerance so if your finger was mostly the same as before it would still generate the same code. The other problem was that you could brute force the password in theory by trying very generic fingerprints and varying them slightly.

The limitation to all these technologies is that digital information can only be stored in numerical form, any number is open to brute force. Numbers can be made difficult but not impossible to crack.

https://www.grc.com/sqrl/sqrl.htm

Rucking_Fetard

Mrs Garth Brooks wrote: »

What about paypal details with this ebay hacking?

Aren't they the same company after all ?

Ebay/Paypal to become seperate companies.

Rucking_Fetard

MasterCards will soon come with a built-in fingerprint scanner

Zwype cards will be available in 2015 on MasterCard plastic from a number of banks and financial institutions. The company points out the technology has survived a real-world trial in Norway, so it should at least function somewhat well in less adverse conditions.

allthedoyles

So I presume I will have lots of thumb prints on my wide-screen monitor .:)

Anyway I use Visa , so don't have to worry about this for a while .

Rucking_Fetard

GarIT wrote: »

Depending on how it's done it could be easier, one I had on an old laptop built up a 64 digit code based on 8 different points on your finger. One of the problems with it was that it allowed a tolerance so if your finger was mostly the same as before it would still generate the same code. The other problem was that you could brute force the password in theory by trying very generic fingerprints and varying them slightly.

Fingerprints are Usernames, not Passwords