eBay Hacked -- change your passwords
Click here to post a comment for eBay Hacked -- change your passwords on our message forum
tsunami231
good thing i dont have an account on ebay and what accounts i did have where suspened/cancled 5+ years ago
RealNC
I'm amazed that such a high-profile site actually is guilty of the brain damaged practice of storing encrypted passwords :-/
One would think they'd know better. Or at least the people they pay would know better. You don't store passwords (encrypted or not). That's a stupid idea, and has been known to be a stupid idea for a long time now.
Maybe that's why they were reluctant to make this public sooner. Who knows. This is a thing that can make you look incompetent.
Extraordinary
BarryB
Well, I guess that's ebay fees going up then to cover the cost of their incompetence! :banana:
Smikis
Ghosty
WaroDaBeast
Changed my password, too. Thanks for warning us!
tsunami231
rflair
Moderator
Was the compromised server in Europe or North America? I got no email and just logged in and there was no mention of being compromised.
tsunami231
vajoiner
we changed in february without a notice because we had a few occurrences of ghost payments or 'paid' accounts. i forget off hand but our ebay accounts person was perplexed about something and he doesn't get perplexed. i remember the day but not the circumstances. we were probably slighted for a few hundred dollars.
lucidus
What about paypal accounts? They're the same company right?
tsunami231
SLI-756
it's in the papers today and they said paypal is unaffected, however if you use the same pass for the two then sure change paypal one too.
the hackers have had access since February.
chinobino
Phew, just changed my password to Fcukyouebay!1
Gotta have a good strong password.
I can't believe it even accepts this as a strong password.
/troll
rl66
tsunami231
Fender178
mmicrosysm
done and done
shadex
Use two-factor authentication provided by Verisign: I have one built-in via Ironkey. Ebay supports it. Regardless if I have a weak password or not, hackers cannot bypass two-factor authentication via token mechanism. It's a permanent solution to this type of crisis.
https://idprotect.verisign.com/orderstart.v
http://www.ironkey.com/en-US/encrypted-storage-drives/250-personal.html
VeriSign® Identity Protection (VIP). The IronKey™ Identity Manager also supports VeriSign® Identity Protection (VIP), a strong authentication service used by financial and commerce websites.
It's a very nice security feature add-on to Ironkey USB.