eBay hacked. Change your password.

[MannDude]

 eBay's morning just went from bad to worse. The e-commerce site confirmed Wednesday that its corporate network was hacked and a database with users' passwords was compromised. While eBay says there is no evidence that users' financial information was accessed in the hack, the company is telling all users to change their passwords.

  eBay contacted CNET after this story was initially published, saying it discovered "recently" that it was a victim of "a cyber attack on our corporate information network, which compromised a database containing eBay user passwords." The company's spokesperson told CNET there is "no evidence that any financial information was accessed or compromised."

  The statement follows an odd stream of events this morning when eBay-owned PayPal posted a blog entitled "eBay, Inc. to Ask All eBay users to Change Passwords." The blog post included nothing but the title, but quickly hit the Web after it was retweeted dozens of times. The blog post was then taken down from PayPal's site, causing even more confusion for users of the online auction house.

eBay has since posted information about the hack on its official blog. The company will ask all users to change their passwords starting later on Wednesday.

Source: http://www.cnet.com/news/ebay-hacked-requests-all-users-change-passwords/ && https://blog.ebay.com/ebay-inc-ask-ebay-users-change-passwords/

 

[Conky]

I hope this doesn't impact PayPal... doesn't ebay own PayPal?

I changed my password.

 

[DomainBop]

I hope this doesn't impact PayPal... doesn't ebay own PayPal?

I changed my password.

Both the eBay and PayPal web sites have had several XSS vulnerabilities in the past...a few of which went unnoticed or unpatched for lengthy periods of time.  Back in 2005-2006 there was a XSS vulnerability in eBay auction listing pages that eBay was notified about and didn't bother to patch for over 1 year http://www.kb.cert.org/vuls/id/808921).  The most recent XSS vulnerability on the PayPal site was just last year http://threatpost.com/paypal-site-vulnerable-to-xss-attack

 

[Kakashi]

From what I've read, Paypal are not affected by this. Different systems altogether.

 

[Damian]

As an Ebay user, I am disappointed that I wasn't notified by email.

 

[switsys]

As an Ebay user, I am disappointed that I wasn't notified by email.

+1

 

[Navyn]

Do not have any account on ebay.

 

[drmike]

Seems like Ebay can't handle the mass of password changes either... Media reports about systems going down at Ebay due to such.

 

[MannDude]

As an Ebay user, I am disappointed that I wasn't notified by email.

Ditto. I found out on Twitter... 

Then when I did want to change my password, I had to scratch my head and rub my chin, trying to figure that out. Wasn't as straight forward as you'd imagine, but after a couple minutes had it done.

 

[Artie]

I've changed my password earlier today. Been meaning to get it into LastPass anyways.

 

[jvkz]

Thanks for pointing will change right now...

 

[HBAndrei]

As an Ebay user, I am disappointed that I wasn't notified by email.

This is very unprofessional for them, but I've changed my pass, so it should all be good.

 

[HBAndrei]

Update:

Just got an email from ebay asking me to change my password cause of the attack they suffered, 5 days delay, but I guess later is still better than never.

 

[markjcc]

I logged into eBay today to check my listings, and it was complaining about changing passwords. At first I was like Nawh.. Don't need to....

Now that I have seen this thread, I changed it

 

[KuJoe]

I got an e-mail yesterday from eBay also. I didn't even remember I had an eBay account so I kept ignoring these kinds of threads until I got the e-mail. Good job eBay for being on top of things.