eBay

joanna_oz · ‎22-05-2014

Hello,

Earlier today eBay Inc. announced it is aware of unauthorised access to eBay systems that may have exposed some customer information. There is no evidence that financial data was compromised and there is no evidence that PayPal or our customers have been affected by the unauthorised access to eBay systems. We are working with law enforcement and leading security experts to aggressively investigate the matter.

As a precaution, we will be asking all eBay users (both buyers and sellers) to change their passwords later today. As a global marketplace, nothing is more important to eBay than the security and trust of our customers. We regret any inconvenience or concern that this situation may cause you. We know our customers and partners have high expectations of us, and we are committed to ensuring a safe and secure online experience for you on any connected device.

Click here for updates and additional information.

Regards,

The eBay Team

matthewmcdonald · ‎24-05-2014

Why not list all the customer information that eBay allowed to leak out through non existent security of our personal details?

Full Name

Home Address

Email Address

Phone Numbers

Date of Birth

Password (encrypted only not hashed so these passwords can and have already been decrypted)

All information that can be used for identify fraud and all leaked by eBay who despite ramping up fees have spent little on securing our personal information.

It's about time that senior executives at companies were made legally responsible for securing information and for breaches like this send them to jail - only if this happens will companies takes the steps to secure our personal information that we had to supply when we signed up to use the service offered. Companies should also be responsible for all costs involved if someone does have their identity stolen and all customers should be given compensation for the breach in the order of hundreds of dollars each.

All in all a poor response from eBay in taking so long to both notify customers when the breach was found and for being unable to detect the breach when it was occuring. Their email looks like a scam email (how hard is to put in your full name instead of just your first name in all lower case letters?) and their lack of an apology shows that they don't care about our information.

888mate · ‎24-05-2014

to late once the system youn have at ebay to protect our personal info and privacey is comprimised,what is your next step to fix problem

amber-eyed-girl · ‎25-05-2014

Companies are legally culpable for privacy breaches.

I read last night, that in the U.K., the maximum fine for this is half a million pounds. That equated to only 2 pence per person in the U.K., according to that article.

-------------------------------------------------------------------------------------------------------------------------------

Buttercup: You mock my pain! Man in Black: Life is pain, Highness. Anyone who says differently is selling something.

matthewmcdonald · ‎25-05-2014

@amber-eyed-girl wrote:
Companies are legally culpable for privacy breaches.

I read last night, that in the U.K., the maximum fine for this is half a million pounds. That equated to only 2 pence per person in the U.K., according to that article.

The maximum fine is £500,000

There are 18 million ebay customers in the UK

This equates to 2p for each of the customers or put it another way 0.00002 per cent of annual turnover.

223 million email, names, home addresses, passwords, phone numbers and birth date are currently for sale/trade.

Anyone who has any issues with identify theft or other breaches that can be tied back stolen personal information that is not availiable publically elsewhere should consider taking action against eBay under our consumer and privacy laws.

As for now, if you have your real date of birth on eBay change it to a false one.

colic2bullsgirlore · ‎25-05-2014

Apparently the hacked details have been and still are available for purchase on the deep web/darknet or whatever you want to call it (pastebin)

http://mashable.com/2014/05/22/ebay-users-at-risk-after-cyberattack-change-passwords/

Many password-reset questions involve a birthday, phone number and physical address. At the very least, this sort of data would make it easy for criminals attempting to bypass security settings. It could also be used to aid identity-theft schemes.

Already, as researcher Ashkan Soltani notes, at least one person claims to be selling the alleged user database.

The person in question wants 1.453 BTC (about $753) in exchange for access to a supposed 145,312,663 unique

records.

But it seems to be a fake, based on eBay's response:

atheism is a non prophet organization

threetoedsloth · ‎26-05-2014

Is this the reason I could not log in on my old password ? I recieved an email saying I had requested to change my password

{ I did not } went to log on and was told password incorrect how can that be? How can password be changed without my permission,it wasn't actually changed but when I clicked on link I had to change it then so question is did ebay freeze all accounts that hadn't changed their passwords.Just checking if this was legit or not as I have no record on ebay messages of these messages I am a bit worried Cheers Threetoedsloth

chiphead69 · ‎26-05-2014

If eBay were so concerned about account security, and this breach occured in Febuary 2014, why has it taken until May 2014 for the organisation to ask there customers to change there password???????

Not good enough

betnorm · ‎27-05-2014

Ebay has announced that even though our privacy has been breached, we are not at risk as our pass words are encrypted. That being the case why are they enforcing all users to change their passwords? I for one would be very interested just where this breach has occured (what country or countries?). To date the Companies behavior has been infantile and very unprofessional it appears as if there was no forward planning to cover a situation like this (it's a worry) I have deliberatley refrained from using social media as I had no ambition to put all my private information in one easy spot, but it seems Ebay has done that for me. I for one would be interested in a Class action if it was to be considered in the future? Regards Norm

davewil1964 · ‎27-05-2014

That's the modern way, isn't it?

Sue 'em.

haklin4 · ‎27-05-2014

Found out in fact you can get 2 step authentication with a free app.

https://www.paypal-community.com/t5/Tips-from-Moderators/PayPal-Security-Key/m-p/433633#U433633

Scroll down to the bottom of the thread and grab the app. I'm now using it to login to eBay and PayPal. This app needs to be promoted on the front page of ebay as far as I'm concerned!

eBay

eBay Inc. To Ask eBay Users To Change Passwords

Re: eBay Inc. To Ask eBay Users To Change Passwords

Re: eBay Inc. To Ask eBay Users To Change Passwords

Re: eBay Inc. To Ask eBay Users To Change Passwords

Re: eBay Inc. To Ask eBay Users To Change Passwords

Re: eBay Inc. To Ask eBay Users To Change Passwords

Re: eBay Inc. To Ask eBay Users To Change Passwords

Re: eBay Inc. To Ask eBay Users To Change Passwords

Re: eBay Inc. To Ask eBay Users To Change Passwords

Re: eBay Inc. To Ask eBay Users To Change Passwords

Re: eBay Inc. To Ask eBay Users To Change Passwords

Photos