Realcent.org

[Copper Catcher]

05-21-14 eBay's morning just went from bad to worse. The e-commerce site confirmed Wednesday that its corporate network was hacked and a database with users' passwords was compromised. While eBay says there is no evidence that users' financial information was accessed in the hack, the company is telling all users to change their passwords.

eBay contacted CNET after this story was initially published, saying it discovered "recently" that it was a victim of "a cyber attack on our corporate information network, which compromised a database containing eBay user passwords." The company's spokesperson told CNET there is "no evidence that any financial information was accessed or compromised."

The statement follows an odd stream of events this morning when eBay-owned PayPal posted a blog entitled "eBay, Inc. to Ask All eBay users to Change Passwords." The blog post included nothing but the title, but quickly hit the Web after it was retweeted dozens of times. The blog post was then taken down from PayPal's site, causing even more confusion for users of the online auction house.

eBay has since posted information about the hack on its official blog. The company will ask all users to change their passwords starting later on Wednesday.

eBay shares are down 1.73 percent, or 90 cents, to $51.06, following news of the hack.

The database, which eBay said was compromised in late February and early March, held eBay customer's names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth. However, the company says users' financial information was not accessed.

"After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats," eBay wrote in the post. "However, changing passwords is a best practice and will help enhance security for eBay users."

eBay also tried to allay concerns of PayPal users who store credit card information on the service. Although eBay owns PayPal, the online auction site says that "PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted."

eBay said it detected the hack two weeks ago and engaged in forensics activities to determine what database was compromised and what was stolen. The company narrowed down the attack to "a small number of employee login credentials" stolen by cyberattackers, which it said provided access to eBay's corporate network.

Starting later on Wednesday, eBay will use email, site updates, and "other marketing channels" to request its users change their passwords. The company also encouraged its users to change the passwords on any other sites they might use with the same log-in credentials. It even ended its blog post with a security tip: "The same password should never be used across multiple sites or accounts."

eBay's hacking should be taken seriously. The e-commerce site has 128 million active users around the world. While the company has acknowledged that it will ask ever user to change their password, eBay hasn't said how many customers might have had information stolen.

With Heartbleed wreaking havoc on the Web and an increasing number of major companies having their servers hacked and personal information leaked, Web security -- or lack thereof -- is becoming a huge concern for Web users. The eBay hack could prove to be the biggest security flaw to affect users since last year's Target data breach. That hack is believed to have impacted 110 million customers and left personal information -- including names, mailing addresses, phone numbers, email addresses, and debit and credit card data -- open to hackers.

CNET has contacted eBay for more information on the hack. We will update this story when we have more information.

Source: http://www.cnet.com/news/ebay-hacked-re ... passwords/

[hobo finds]

Too many people are trying to change passwords now, site having trouble keeping up

[uthminsta]

I just changed my password THREE days ago. Now I have to come up with another stupid password that I won't remember.
How about: Th15Passw0rd5uck5

[68Camaro]

I'm thinking it's time to reset it to "password" because its so obvious that I bet even the hackers don't check for it anymore. :lol

[fansubs_ca]

I'm thinking it's time to reset it to "password" because its so obvious that I bet even the hackers don't check for it anymore. :lol

A study once showed that was the most popular password in the world. ^_-

If it's too easy _eventually_ someone will try it. A friend of mine made his AIM password
the same as his username. He got away with it for 14 years until finally someone tried
it. Fortunately the person who took it over was really obvious from their writing style
and spelling so I knew the message was fake (it was a message linking to a site made
to look like an official AOL page where you had to log in with your AIM password to see
a picture, really obvoius attempt to get all his friend's passwords, all their friend's
passwords, etc.) So I called his house and left a message with his wife to let him know.
After he got control of the account again he told me what he had previously used as
the password.

Also so many places are making weird rules about having to have numbers, a mix of
capital and lower case letter, and sometimes even symbols in your password that
your idea won't work.

I'm thinking I've got to make a physical list of every password I have on paper and
keep it physically locked up somewhere as it's starting to reach the point where
I'm having too many passwords to keep track of. -_-

I keep a list like that for what places have my address and which address they
have me at. I have 4 mailing addresses if you include really old stuff that has
me at my parents house that I've never updated...but I need to put them on the
list too so I know who needs notification if one of the 4 addresses ever becomes
invalid. Also gradually reducing what goes to my house or my parents house as I
get to it. Voter list is an issue due to a lack of maildrops that look like an
apartment in the same riding as I'm really in, I'd rather not change the area
I vote in as I live in an area where federal elections come down to a few votes
difference one way or the other.

[68Camaro]

My note was a bit tongue in cheek

For over a decade I've had a password protected excel file that contains coded versions of my passwords in it (not even the actual ones) but using a system that still requires me to supply a key from memory but minimizes the effort for me to keep track of the >100 accounts I have.

[IdahoCopper]

My note was a bit tongue in cheek

For over a decade I've had a password protected excel file that contains coded versions of my passwords in it (not even the actual ones) but using a system that still requires me to supply a key from memory but minimizes the effort for me to keep track of the >100 accounts I have.

Cool idea. I bet I could figure out how to do something like this.

[hobo finds]

Had a password at work that was "will change"

[fansubs_ca]

Looks like I did get an E-mail, got it on the 27th. I guess they are spreading it out so
the system doesn't get overloaded with everyone doing it all at once. I imagine they
probably still prioritized the notices based on activity level.

Of course even if someone hacked my account on the PAYPAL side of their company
there are no current bank accounts or credit/debit cards attached to it and a grand
total of 1 Hong Kong Cent in the balance so they won't get much out of me. ^_- I
pulled out the rest of the balance by ACH before closing down the attached bank
account. (Due to new fees.) Just there is no mechanism to pull out the Hong Kong
Penny (about 1/7th of a U.S. cent) so it sits there.#

Only problem is now I have to come up with a new password...

...as you guys know I have trouble with that:

viewtopic.php?f=8&t=6917