# eBay hacked. Change your password.



## MannDude (May 21, 2014)

> eBay's morning just went from bad to worse. The e-commerce site confirmed Wednesday that its corporate network was hacked and a database with users' passwords was compromised. While eBay says there is no evidence that users' financial information was accessed in the hack, the company is telling all users to change their passwords.
> 
> eBay contacted CNET after this story was initially published, saying it discovered "recently" that it was a victim of "a cyber attack on our corporate information network, which compromised a database containing eBay user passwords." The company's spokesperson told CNET there is "no evidence that any financial information was accessed or compromised."
> 
> ...



Source: http://www.cnet.com/news/ebay-hacked-requests-all-users-change-passwords/ && https://blog.ebay.com/ebay-inc-ask-ebay-users-change-passwords/


----------



## Conky (May 21, 2014)

I hope this doesn't impact PayPal... doesn't ebay own PayPal? 

I changed my password.


----------



## DomainBop (May 21, 2014)

Conky said:


> I hope this doesn't impact PayPal... doesn't ebay own PayPal?
> 
> I changed my password.


Both the eBay and PayPal web sites have had several XSS vulnerabilities in the past...a few of which went unnoticed or unpatched for lengthy periods of time.  Back in 2005-2006 there was a XSS vulnerability in eBay auction listing pages that eBay was notified about and didn't bother to patch for over 1 year http://www.kb.cert.org/vuls/id/808921).  The most recent XSS vulnerability on the PayPal site was just last year http://threatpost.com/paypal-site-vulnerable-to-xss-attack


----------



## Kakashi (May 22, 2014)

From what I've read, Paypal are not affected by this. Different systems altogether.


----------



## Damian (May 22, 2014)

As an Ebay user, I am disappointed that I wasn't notified by email.


----------



## switsys (May 22, 2014)

Damian said:


> As an Ebay user, I am disappointed that I wasn't notified by email.


+1


----------



## Navyn (May 23, 2014)

Do not have any account on ebay.


----------



## drmike (May 23, 2014)

Seems like Ebay can't handle the mass of password changes either... Media reports about systems going down at Ebay due to such.


----------



## MannDude (May 23, 2014)

Damian said:


> As an Ebay user, I am disappointed that I wasn't notified by email.


Ditto. I found out on Twitter... 

Then when I did want to change my password, I had to scratch my head and rub my chin, trying to figure that out. Wasn't as straight forward as you'd imagine, but after a couple minutes had it done.


----------



## Artie (May 23, 2014)

I've changed my password earlier today. Been meaning to get it into LastPass anyways.


----------



## jvkz (May 24, 2014)

Thanks for pointing will change right now...


----------



## HBAndrei (May 24, 2014)

Damian said:


> As an Ebay user, I am disappointed that I wasn't notified by email.


This is very unprofessional for them, but I've changed my pass, so it should all be good.


----------



## HBAndrei (May 26, 2014)

Update:

Just got an email from ebay asking me to change my password cause of the attack they suffered, 5 days delay, but I guess later is still better than never.


----------



## markjcc (May 29, 2014)

I logged into eBay today to check my listings, and it was complaining about changing passwords. At first I was like Nawh.. Don't need to....

Now that I have seen this thread, I changed it


----------



## KuJoe (May 29, 2014)

I got an e-mail yesterday from eBay also. I didn't even remember I had an eBay account so I kept ignoring these kinds of threads until I got the e-mail. Good job eBay for being on top of things.


----------

