eBay got hacked - change your password.

maflynn

Moderator
Original poster
Staff member
May 3, 2009
63,851
30,367
Boston
CNN is reporting that ebay got hacked. If you have an account change the password.

Edit: I updated my paypal password just to be safe as well.
 

bradl

macrumors 601
Jun 16, 2008
4,006
11,823
CNN is reporting that ebay got hacked. If you have an account change the password.

Edit: I updated my paypal password just to be safe as well.
From the link, it appears that Paypal is unaffected, as it is on an entirely different network, so you should be okay there.

But this happened 2 months ago. I understand needing time for full disclosure and preventative measures, but that is a good chunk of time. What gets me is that their PR release about this doesn't indicate a date on when the statement went out, so it's even harder to verify time on this or what happened when.

Nevertheless, ebay password changed. Thanks for the PSA!

EDIT: What concerns me more is the amount of information they were able to get. All of it is PII data (Personal Information), some of it makes up some of the challenge questions banks use to identify you. While not critical info requiring encryption of that data, everyone using ebay should check their banks and monitor credit reports as well.

BL.
 

maflynn

Moderator
Original poster
Staff member
May 3, 2009
63,851
30,367
Boston
Given how intertwined paypal and ebay are, I chose not to take a chance. :)
 

LethalWolfe

macrumors G3
Jan 11, 2002
9,366
119
Los Angeles
From the link, it appears that Paypal is unaffected, as it is on an entirely different network, so you should be okay there.

But this happened 2 months ago. I understand needing time for full disclosure and preventative measures, but that is a good chunk of time. What gets me is that their PR release about this doesn't indicate a date on when the statement went out, so it's even harder to verify time on this or what happened when.

Nevertheless, ebay password changed. Thanks for the PSA!

BL.
The hack started two months ago but eBay itself didn't discover it until two weeks ago.

From the OP's link:
To hack into the eBay database, the cyber attackers managed to get their hands on "a small number" of eBay employee log-in credentials, the company said. They then used that to worm their way into eBay's corporate network. The hackers grabbed the customer database between late February and early March.

It wasn't until two weeks ago that eBay discovered employee credentials had been stolen, the company said. The company then conducted a forensic investigation of its computers and found the extent of the theft.
 

LizKat

macrumors 603
Aug 5, 2004
5,324
29,865
Catskill Mountains
Slowly but steadily we descend to the days when tribal customs safeguarded doing business with strangers…

Take item to marketplace, accompanied by hostage negotiator, designated hostage, a passel of warriors and some backup horses or camels.

Make the hostage and negotiators comfortable. Remind warriors they are there to guard the hostages and the negotiators, not to squabble with either negotiator over how much of a bribe it would take to look the other way while other guy’s hostage disappears.

Start the pre-transaction process: look the stuff over, bite the gold piece, etc.

Looks good? Swap items and go home.

Looks not so great? Use your imagination. This is not like getting hacked. This is like, you know, getting HACKED.

Notice that no paypal, bank, credit card or other middleman ever got involved here. All that was ever at risk was just a couple of hostages, one from each tribe plus the accessories to mind those hostages. You know… your mother in law, youngest brother, etc. and some guys from the ‘hood to look after them.

Fact: I was thinking of reviving a PayPal setup the other day because I was looking for an old PowerBook to cannibalize for parts. Think I’ll stick to the tribal ways for now. Thanks for the heads up.
 

firedept

macrumors 603
Jul 8, 2011
5,606
454
Somewhere!
Ebay Hacked!

Not surprised. Was waiting for the day this was going to happen. Am surprised that it took eBay so long to find it. I realize not so easy to find sometimes but their safeguards must certainly be better than average. They must have some kind of team that monitors for this kind of thing. But what do I know. I am not knowledgeable in this area of security.

Oh well, passwords updated and we shall see what the fallout brings. Hopefully nothing bad to my account, but certainly eBay will suffer some for a little while.

Quoted:

"eBay's morning just went from bad to worse. The e-commerce site confirmed Wednesday that its corporate network was hacked and a database with users' passwords was compromised. While eBay says there is no evidence that users' financial information was accessed in the hack, the company is telling all users to change their passwords.


eBay contacted CNET after this story was initially published, saying it discovered "recently" that it was a victim of "a cyber attack on our corporate information network, which compromised a database containing eBay user passwords." The company's spokesperson told CNET there is "no evidence that any financial information was accessed or compromised."


The statement follows an odd stream of events this morning when eBay-owned PayPal posted a blog entitled "eBay, Inc. to Ask All eBay users to Change Passwords." The blog post included nothing but the title, but quickly hit the Web after it was retweeted dozens of times. The blog post was then taken down from PayPal's site, causing even more confusion for users of the online auction house."
 
Last edited:

Shrink

macrumors G3
Feb 26, 2011
8,914
1,596
New England, USA
Brilliant thinking! I changed both passwords just now too. Thanks for the heads up.
Yup I did the same thing. Since they are both connected who knows if they are able to deduce your paypal account from your ebay account. Can never be too safe.
Since all you smart guys changed both passwords, and since I'm not so smart but maniacal about security...I changed both passwords, too.:p
 

D.T.

macrumors G3
Sep 15, 2011
8,919
6,734
Vilano Beach, FL
OK, changing password from ebayuser to ebayrulez - should be easy to remember, plus it’s 8 characters so it’s totally secure, right?
 

apolloa

macrumors G5
Oct 21, 2008
12,249
7,701
Time, because it rules EVERYTHING!
Sigh, of I go to change all my passwords. Very annoying.

It seems some have better security than others, for instance Amazon tells you it gets hacked on a daily bases, and so far....... they have not been successful so it makes you wonder what do they do that is different to ebay? Then again a British man in Britain can hack into the US Military defence networks sooo......

Guess it's the world we live in?
 

Eidorian

macrumors Penryn
Mar 23, 2005
29,081
287
Indianapolis
I am seriously thinking of jumping on the 1Password train. Getting difficult to manage all of my passwords and think this just might be the tipping point.
I waited for the Christmas sale at 25% off and then it was 50% when Heartbleed showed up. I really enjoy the Mac/Windows bundle. Though the Android password reader app could use some more polish to bring it in line with the iOS version.

I strongly recommend it and it's cross platform. I do still have a few old notes in Keychain Access.
 

Shrink

macrumors G3
Feb 26, 2011
8,914
1,596
New England, USA
I am seriously thinking of jumping on the 1Password train. Getting difficult to manage all of my passwords and think this just might be the tipping point.
I'm not knocking 1Password, but would suggest giving LastPass a look. I've been using it for a long time, and it does everything I need, is cross platform, and is free. Don't let the free part put you off...it's really a good app.
 

SandboxGeneral

Moderator emeritus
Sep 8, 2010
24,966
7,908
Detroit
I'm not knocking 1Password, but would suggest giving LastPass a look. I've been using it for a long time, and it does everything I need, is cross platform, and is free. Don't let the free part put you off...it's really a good app.
I, too, use LastPass and love it. I'm sure 1Password is excellent too, but I started with LastPass and that's where I'll stay.