eBay have posted a message signed off by Devin Wenig, President, eBay Marketplaces asking users to change their passwords. The message is linked from the eBay home page or can be found at .
Changing your password on eBay Mobile Apps
What the message doesn’t tell you is how to reset your password if you’re using an eBay mobile app. The answer is that you can’t. If you’re a mobile app user you will need to log onto a browser and the main eBay site to change your password.
We know there are millions of eBay mobile app users and suspect that many of them have never visited the main eBay site but instead purely relied on their mobile device for eBay shopping. That may be even more true in countries other than the UK.
Hearts and Minds
What’s missing in the message is the word “Sorry”, or any advice on steps you can take to protect yourself from identity fraud. Personally I’m not that bothered – the information snatched from eBay is pretty easy to come by anyway if you know where to look on the net (for instance apart from your date of birth many UK business sellers publish the other information – address, email, phone number etc – on every eBay listing). That won’t be true for many however who will listening to the scaremongering about their bank accounts being raided or receive a phishing email which suddenly seems much more sinister than the one they received last month or last year.
eBay need to send a strong message to buyers that eBay is a safe place to do business, and the “Important Password Update” message is a good start. Here at Tamebay we look forward to the battle of hearts and minds which in some ways is far more important than the security breach itself. The press are on one side (eBay security breach is a great big juicy story that will run and run), eBay are on the other. eBay need to win the war.
Here’s the full text of the message from Devin:
Important Password Update
Keeping Our Buyers and Sellers Safe and Secure on eBay
On Wednesday, we announced that we are asking all eBay users to change their password. This is because of a cyberattack that compromised our eBay user database, which contained your encrypted password.
Because your password is encrypted (even we don’t know what it is), we believe your eBay account is secure. But we don’t want to take any chances. We take security on eBay very seriously, and we want to ensure that you feel safe and secure buying and selling on eBay. So we think it’s the right thing to do to have you change your password. And we want to remind you that it’s a good idea to always use different passwords for different sites and accounts. If you used your eBay password on other sites, we are encouraging you to change those passwords, too.
Here’s what we recommend you do the next time you visit eBay:
1) Take a moment to change your password. You can do this in the “My eBay” section under account settings. This will help further protect you; it’s always a good practice to periodically update your password. Millions of eBay users already have updated their passwords.
2) Remember to always use different passwords on different sites and accounts. So if you haven’t done this yet, take the time to do so.
Meanwhile, our team is committed to making eBay as safe and secure as possible. So we are looking at other ways to strengthen security on eBay. In the coming days and weeks we may be introducing new security features. We’ll keep you updated as we do.
Thanks for your support and cooperation. eBay is your marketplace, and we are committed to keeping it one of the world’s safest places to buy and sell.
Devin Wenig
President, eBay Marketplaces
27 Responses
There is no “account settings” in my Ebay maybe they should try & get it right under account & personal information, password & edit unless I am a complete idiot. Come on Ebay stop taking my fees for nothing !!!
Not had a single email from eBay about this, I joined eBay in 2004.
It’s nice to be appreciated.
Mind you, I have lots of defects.
Jokers.
Sky News has just tweeted this:
Reuters: New York’s Attorney General asks eBay to provide free credit monitoring for all 145 million users following a security breach
ebay are even dumber than I thought they were.
Message on the website is not much use to the people who don’t visit often – these are exactly the kind of members who are most vulnerable.
What’s wrong with an email?
so what about the one could be a scam that does contain a link? ebay would then get the blame for that too,
there damned if they dont , damned if they do, nothing serious has actually happened other than a PR disaster for ebay its all hypothetical so far
I have not received the mentioned message from eBay! although I have been an eBay seller for fourteen years.
In my opinion there if a huge flaw in the ‘security’ advice offered concerning passwords.
We are advised to have different passwords for every application, clever involved complicated passwords (I have about thirty to consider) for banking, shopping, messaging, surfing etc – but choose ones we can remember but never write down. How is this possible for us mere humans?
I always ask how to do this but they can never advise on or commit themselves on this. How on earth can we avoid writing down passwords until ‘they’ come up with some way of remembering them?
as usual the biggest problem seems to be ebays disdain and arrogant attitude towards its members
EBAYS PHONE SUPPORT WAS ENGAGED ALL DAY YESTERDAY. I KNOW WHY. THERE ARE 2 REASONS WHICH ARE STILL NOT RESOLVED. The eBay rep I spoke to on the phone could not understand why the system was rejecting my current password but after spending ages changing my 9 passwords I eventually figured out myself that the problem occurs if you have a password over 20 characters long. Because eBay now no longer allow more than 20 characters you can’t change your password using your current password because eBay’s system will not accept your current password as a valid password. You have to use the I forgot my password link. The other problem I encountered was trying to get a STRONG password. I used 5 random numbers 5 random upper & 5 lower case letters & 5 SYMBOLS & could only get a medium password. After phoning eBay again I was told to just use a medium password but I insisted that this was not acceptable. I did not want to spend time changing 9 passwords if they were only going to be medium. After repeating myself at least 5 times insisting I wanted a strong password I was eventually told to make sure I used the @ symbol at the start then a number & at least one upper & one lower case letter. It worked fine then. I now have a strong password that only has 7 characters instead of 24. On the change password page it says to use at least 2 of the following…one upper one lower case letter, numbers or symbols when in reality you only get a strong password if you use all 4 options & start with a @ symbol. Why Oh Why cant eBay update their website with this information & save their customers the hassle of finding out by themselves by trial & error? I can update my site in 30 seconds.
Chris, It’s eBay’s password system that creates the confusion. for instance H5gY7t3E24dgKpVjdvAz according to eBay is only a medium strength password. But @7YkOi9 is strong. How they work that out is beyond me but that is what I was told by the rep during a 30 minute conversation. I was put on hold 3 times while she got me this info. If I had not insisted I did not want a medium password I would never have found out. Anyhow you can use 20 characters if you like. Doesn’t have to be 7.
What’s the point in having a strong password on eBay anyway. The hackers have now stolen all the ‘encrypted’ passwords under ebay’s protection. The passwords may have been strong, week or medium. It made no difference. ebay have allowed them all to be taken.
What’s the point of ebay advising customers to use strong passwords if they then pass them on in bulk to the hackers?
our address and telephone number is easily available to anyone on ebay anyhow they dont need to hack it
Due to all the emails going backwards & forwards re Password Resetting I haven’t received any Saved Searches emails for 2 days – eBay chat line informed me today that:
I understand the importance of receiving saved search notification, let me tell you proactively that we have temporarily stop sending notifications. As there are lots of members trying to reset password, we wanted to make sure first that members do receives email notifications about passwords.
I informed them it would be a good idea to let members know on the Announcement Board!!
.
Re; “What’s missing in the message is the word “Sorry”.
Honestly, what do we expect??…. The day ebay accept they are at fault for anything, will be the day we all look into the sky, in amazement, as there it will be the illusive flying Pig…..
Pretty shoddy PR, ebay, first you piss off all your sellers, now you piss off all the buyers…..,
So now my easily remembered password is not longer valid, I’m being forced to use one with caps, symbols, numbers, etc. One that I will never remember. So what do I do? I write it down, making it far more vulnerable to theft. But hey–that’s not eBay’s problem, right? Way to pass the buck.
.
AT last….
Early this morning received emails in our inbox from ebay requesting password change…Better last than never, as they say!!
These things happen in the modern world, its just part of life. Look at Sony and their Playstation fiasco a few years back. At least ebay got the message out though some controlled and uncontrolled media. I saw it on watchdog and changed the email. I know its easy to bash ebay on many things (including the August changes which I find extreme), but on this occasion I think they did the right thing.