And now it's eBay's turn.

[Markverhyden]

So I just saw that fleaBay got breached. Purloined employee credentials were key to the attack.

http://money.cnn.com/2014/05/21/technology/security/ebay-passwords/index.html?hpt=hp_t1

 

[coffee]

What ticks me off is that according to the article they broke in 2 months ago. It took them two months to figure out something is wrong and now change your password. I guess better late than never but ....?

 

[Markverhyden]

What ticks me off is that according to the article they broke in 2 months ago. It took them two months to figure out something is wrong and now change your password. I guess better late than never but ....?

Actually in the article they said that they did not determine that employee credentials had been stolen until two weeks ago. After that they ran the forensics and found the breach.

I went to eBay. No mention of the breach at all, no prompt to change password, no splash/popup about changing password, no message from fleaBay about changing password, no email from fleaBay about this.

 

[coffee]

I never recieved any notice either. I just went in and changed my password as a percaution.

I would think they would notify everyone as soon as possible about the breach. I never got wind of this until you mentioned it - My thanks to you.

IMHO, Makes fleabay look kinda bad doesnt it?


coffee

 

[nlinecomputers]

And with Paypal so heavily linked to eBay I would change that as well.

Just did both.

 

[Markverhyden]

Yeah, that was the first thing I did when I saw this. Don't use eBay or PP much but logged in and looked around quickly to make sure nothing was amiss as well as changed password's.

 

[mraikes]

I just saw the announcement under "My Ebay" after logging in, and a link to an FAQ dated today:

http://www.ebayinc.com/in_the_news/story/faq-ebay-password-change

 

[coffee]

PP isnt linked to ebay. If you notice, When you buy something you are redirected to PP but you still have to login. So, PP accounts should be ok.

 

[cypress]

Thanks for the heads up. I changed both my Paypal and eBay passwords.

 

[Markverhyden]

PP isnt linked to ebay. If you notice, When you buy something you are redirected to PP but you still have to login. So, PP accounts should be ok.

True. But eBay owns PP so you never know what goes on behind the scenes.

 

[nlinecomputers]

PP isnt linked to ebay. If you notice, When you buy something you are redirected to PP but you still have to login. So, PP accounts should be ok.

True. But eBay owns PP so you never know what goes on behind the scenes.

Exactly my point. "Should be safe" and "Actually safe" are not the same concepts.

Yahoo had a breach via a 3 party just a few months ago. Yahoo was breached the data link was breached.

 

[scott00049]

'Page Not Available'. Apparently word got around fast, their password change page is overloaded.

Will try later today.

-Scott


http://www.ebay.com/trylater

 

[coffee]

True. But eBay owns PP so you never know what goes on behind the scenes.

Now that I didnt realize. Your right. I might as well get in there and change that too. Thank you.

coffee

 

[nlinecomputers]

'Page Not Available'. Apparently word got around fast, their password change page is overloaded.

Will try later today.

-Scott


http://www.ebay.com/trylater

It has made the major news outlets. Target is probably jumping for joy as this has the potential to be a larger breach then Target's.

 

[jft135]

How the heck am I supposed to keep all of my passwords straight when there is a major breech every other week these days? I may finally break down and use a password manager.

 

[PBComputer]

I really wish more and more firms would enforce users to use two step auth. This would help accounts safe, even if the password was leaked, and the changes of guessing a 6 digit number which changes every thirty seconds I would say is slim but it would be possible.

Paul

 

[LifelineIT]

How the heck am I supposed to keep all of my passwords straight when there is a major breech every other week these days? I may finally break down and use a password manager.

Lastpass. All day every day. All my stuff is 16 digits long and full of specials and numbers and caps. My amazon and s3 are like 28 digits long, lol.

 

[brandonkick]

I've been using password safe and it works very well.

I have my password safe synced to my google drive, and for an added layer of security I don't keep my usernames in the entries in case the safe itself were to be compromised and have its password hacked/cracked.

I highly recommend a password manager. You can easily generate complex passwords and it almost forces you to stop using the same easily remember able passwords.

I'm also a huge advocate of two step authentication.

1 st step would be something you know (I.E. a password)
2 nd step would be something you have (a code generator)

The 2nd step can be something like a smart phone app or a physical eToken like device that will generate a random pin that changes every 30 seconds.

 

[nlinecomputers]

Lastpass. All day every day. All my stuff is 16 digits long and full of specials and numbers and caps. My amazon and s3 are like 28 digits long, lol.

+1 for LastPass. Been using it for several years now. Also try and use 2 layer authentication on every website that I can.

 

[jft135]

I'm just paranoid about passwords existing anywhere but in my head. As often as they get breached anymore, this is irrelevant, but the idea still bugs me. I also worry that by not knowing my actual passwords, if anything happens to Lastpass, I'm screwed. I've had too many customers become reliant on their fingerprint readers and then lose access to everything when it breaks.