amuck-landowner

eBay hacked. Change your password.

MannDude

Just a dude
vpsBoard Founder
Moderator
 eBay's morning just went from bad to worse. The e-commerce site confirmed Wednesday that its corporate network was hacked and a database with users' passwords was compromised. While eBay says there is no evidence that users' financial information was accessed in the hack, the company is telling all users to change their passwords.

  eBay contacted CNET after this story was initially published, saying it discovered "recently" that it was a victim of "a cyber attack on our corporate information network, which compromised a database containing eBay user passwords." The company's spokesperson told CNET there is "no evidence that any financial information was accessed or compromised."

  The statement follows an odd stream of events this morning when eBay-owned PayPal posted a blog entitled "eBay, Inc. to Ask All eBay users to Change Passwords." The blog post included nothing but the title, but quickly hit the Web after it was retweeted dozens of times. The blog post was then taken down from PayPal's site, causing even more confusion for users of the online auction house.

eBay has since posted information about the hack on its official blog. The company will ask all users to change their passwords starting later on Wednesday.

Source: http://www.cnet.com/news/ebay-hacked-requests-all-users-change-passwords/ && https://blog.ebay.com/ebay-inc-ask-ebay-users-change-passwords/
 
Last edited by a moderator:

DomainBop

Dormant VPSB Pathogen
I hope this doesn't impact PayPal... doesn't ebay own PayPal? :(

I changed my password.
Both the eBay and PayPal web sites have had several XSS vulnerabilities in the past...a few of which went unnoticed or unpatched for lengthy periods of time.  Back in 2005-2006 there was a XSS vulnerability in eBay auction listing pages that eBay was notified about and didn't bother to patch for over 1 year http://www.kb.cert.org/vuls/id/808921).  The most recent XSS vulnerability on the PayPal site was just last year http://threatpost.com/paypal-site-vulnerable-to-xss-attack
 
Last edited by a moderator:

Kakashi

Active Member
Verified Provider
From what I've read, Paypal are not affected by this. Different systems altogether.
 

drmike

100% Tier-1 Gogent
Seems like Ebay can't handle the mass of password changes either... Media reports about systems going down at Ebay due to such.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
As an Ebay user, I am disappointed that I wasn't notified by email.
Ditto. I found out on Twitter... 

Then when I did want to change my password, I had to scratch my head and rub my chin, trying to figure that out. Wasn't as straight forward as you'd imagine, but after a couple minutes had it done.
 

HBAndrei

Active Member
Verified Provider
Update:

Just got an email from ebay asking me to change my password cause of the attack they suffered, 5 days delay, but I guess later is still better than never.

07334b8425ff7623a2b7c160f6718d9d.png
 

markjcc

New Member
I logged into eBay today to check my listings, and it was complaining about changing passwords. At first I was like Nawh.. Don't need to....

Now that I have seen this thread, I changed it :p
 
Last edited by a moderator:

KuJoe

Well-Known Member
Verified Provider
I got an e-mail yesterday from eBay also. I didn't even remember I had an eBay account so I kept ignoring these kinds of threads until I got the e-mail. Good job eBay for being on top of things. :(
 
Last edited by a moderator:
Top
amuck-landowner