eBay released this statement a few minutes ago and we publish it verbatim. We’ll give you more when we know it.
eBay Inc. To Ask eBay Users To Change Passwords
eBay Inc. said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.
Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.
Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.
30 Responses
Disgusted with ebay. Data security clearly has an extremely low priority. This spells doom as buyers will stop using the site. This happened in March according to the news and we are only told now! Do we trust what ebay say?
yeah that was only a routing cable dns data link thingy problem the other evening?
Cyber attack? Or a clever but rather desperate attempt to get millions of users flocking back to the site?!
If this occurred at the time of the Heartbleed security breach when eBay advised the world that their systems were secure and at no risk then I suspect they will now be in some trouble.
If it was something else then there remain many questions. Start here …….. https://countermeasures.trendmicro.eu/oy-vey-ebay-five-questions-for-you
Their lethargic discovery/communication is worrisome.
What use will changing passwords do now? They say that these were encrypted, so there shouldn’t be a problem.
What was not encrypted was everyone’s personal data – name, address, DOB etc etc.
Why wasn’t that encrypted?
I’m not expecting an answer from ebay, I’m not that naive! It’s just another example of how bad the company has become.
Ebay has a major slump in the Google rankings and now this publicity about a February atack? Could there be a link? A desperate attempt to boost sales before the giant “11Main.com” arrive?
The BBC has been carrying the story. But has anybody noticed that the Logo that the BBC is using in the story is the old, long replaced, ‘dancing’ ebay logo. So yet again the BBC shows how up to date and informed that it is.
It really is time that the BBC is Privatised and the massive taxatioon that funds its excess is ended.
A while ago Noel Edmonds announced that he had put together a scheme to take over the BBC. Perhaps now is the time to take him up on it. After all no matter how bad Noel Edmonds and his consortium was it would be vastly better than the BBC as currently constituted.
just reset my browser – tryied to log back into ebay to finish orders –
cant get in tgo change the bloody password, cant contact CS as it ask me to log in…FARCE !
Page not available
Ebay is asking its users to reset their passwords due to the unauthorized access to our corporate information network. This may result in a delay of service due to the high traffic volume. We ask for your patience and that you return to eBay soon. In the meantime, please be assured that no activity can occur on your account until your password is reset.
You may also visit Customer Service
Love it
https://www.ebay.co.uk/trylater
How many Low DSRs does this deserve.
eBay now is a ‘Below standard seller’
item as described *
Communication *
Description *
Neg: Seller made alot of promises and did not deliver. The item is not as described.
I agree this is inconvenient but its not like only google have been affected. Hundreds of companies throughout the world have been hit with various attacks recently and eBay have made it very clear that we should change passwords which takes maybe 30 seconds. Paypal is not affected which you could argue would be the most important thing.
The one slightly worrying thing from the other post is there is a very very clear decrease in eBay presence on google right now. That is extremely bad news especially with a potentially wet bank holiday weekend on the way.
strange going’s on – as advised, changed my passwords last night on my desktop. Go on laptop today and i could still get onto my ebay accounts with old stored passwords, why is that?
WAY TO GO EBAY! here is what happened when I went through the Change Password process :
BIG RED BANNER
Sorry. We’re currently experiencing technical difficulties and are unable to complete the process at this time
And followed by an e-mail :
This is a courtesy message to let you know that your eBay password has been successfully changed. No response is needed.
Thank you,
eBay Trust Team
Have they a clue what is going on?
IF YOU ARE CHANGING A LONG EBAY PASSWORD I CAN SAVE YOU A BIG HEADACHE.
I spent 2 hours yesterday trying to change my eBay passwords & learned a lot at my own expense. The eBay rep I spoke to could not understand why the system was rejecting my current password but after such a long tedious slog changing my 9 passwords I eventually figured out myself that the problem occurs if you have a password over 20 characters long. Because eBay now no longer allow more than 20 characters you can’t change your password using your current password because eBay’s system will not accept your current password as a valid password. This is one almighty cock up of their behalf and to find out at a time when everyone is trying to change their passwords is unforgivable. It’s an incredibly stupid error for such a massive company to miss out. You have to use the I forgot my password link even though you have your password. The other problem I encountered was trying to get a STRONG password. I used 5 random numbers 5 random upper & lower case letters & 5 numbers & could only get a medium password. After phoning eBay again I was told to just use a medium password but I insisted that this was not acceptable. I did not want to spend time changing 9 passwords if they were only going to be medium. After repeating myself at least 5 times insisting I wanted a strong password I was eventually told to make sure I used one symbol at the start then a number & at least one upper & one lower case letter. It worked fine then. I now have a strong password that only has 7 characters instead of 24. On the change password page it says to use at least 2 of the following…one upper one lower case letter, numbers or characters when in reality you only get a strong password if you use all 4 options & start with a character.
in eBays published Q&A statement they mention that “The attack resulted in unauthorized access to a database of eBay users that included: name, address,…… ” etc. The word that worries is “INCLUDED”, what else was lost? Did they for example give away our Security Questions and Answers, or our historic passwords (which they seem to store ad infinitum), previous addresses, sales/purchase history or links to same, etc.
I am surprised that nobody has quoted ebay in regard to the latest ebay cock-up. Whenever I look at ebay there is a flashing box and one of the items that flashes in it is:- ‘Selling on ebay is full of Good Surprises’. It was originally to do with the ending of 100 Free 99p and under items per month and its replacement with 35p massive listing fees and just a nominal 20 free listings per month. But it is no doubt appropriate for everything else including having to change passwords etc.
We just took a call here from someone asking us to complete a transaction off eBay. Not uncommon and we normally direct them back to the site to complete the transaction there.
But this lady told us that she was really concerned to buy from us on eBay because she’d heard about the security flaws and was worried about it.
We tried to reassure her that it was safe to buy on eBay and pay with Paypal but she wasn’t to be persuaded.
if you were worried about every thing that could happen or might happen you would never cross the road or get out of bed
were just getting on with selling, nothing really bad has happened to any individual thats known of because of this,
its all mostly paranoia
Usually the users with the access level necessary to have ready access to this data are pretty tech savvy.
They aren’t the sort to fall for phishing email tricks and similar scams. They aren’t the sort to use ‘password’ as their system access password.
There are several well documented similar cases where such a breach has been a deliberate act by an employee. Said employee could then ‘blame’ a phishing attack or similar to try to avoid taking the rap for her / his crime.
My guess is that we will never know the truth of what really happened here.
Honestly, ebay is becoming more stupid by the day.
They want the perfect selling platform and act like nothing should ever go wrong when selling. Penalize every single little mistake, even if it wasn’t, that way the Sellers will tow the line and Buyers will come back to shop.
ebay made a massive mistake and kept it quiet for two months !! really really disgusting.
eBay are a greed based company and deserve all the flack that they attract. They are expensive and charge 10% on the shipping costs for doing nothing at all. Integrity is not a word that you can associate with eBay and if you are a seller they will refund funds straight from your bank account on the say so of a disgruntled buyer without bothering to check the facts or details at all. As a member of eBay you are always in the wrong because they, eBay are so up their own backsides.
its frustrating that despite the growth of e-tailing and the benefits to the ultimate consumer in lower prices and wider choice – the same hasn’t been true at the ‘service provider’ level
when we see price competition break out we may have an indication of a ‘mature’ (lower growth rate) market
this has occurred in parcel distribution – service quality and prices are far better than they were several years ago – and the market (according to royal mail) is rather flat
While I agree that 2 -3 months before announcing this is unacceptable, Ebay are in a damned if you do, damned if you don’t position
A “hi guys we got hacked last night” mail the day after the event probably wouldn’t have gone down all that well either.
Nothing is 100% safe, if someone made it, someone else can always take it apart.