Skip to content

Ebay user details gained by hackers

Featured Replies

Just got a text from my dad about this.... 

Changed mine earlier then changed it back to what it was before. Double bluff to fool the hackers ;)

Did I read that Ebay knew about this in February?

  • Author

I changed any important ones when Heartbleed broke.

Now to change eBay again

I've just changed my password to hfehfuefUgUhUhuuuhu849506huu8975H2244455UGFtfFyUhJIJOiIUUYFtDEdgFYU

 

Lets see those scummy hackers guess THAT :D

Too many "u"s together, I think you find that password will get rejected.

 

I tried to use my wife's home town as part of a password and it was rejected because of too many "n"s.

 

I have been laughing cynically at the current swath of PayPal adverts on TV, I am waiting with great anticipation for the next great hack of their systems to be announced.

What surprises me is that eBay have not communicated it - at least I have received nothing official from them.

No point in changing passwords with heatbleed until you know the site is patched. the vulnerability would just allow them to pick up the new one.

 

The Ebay one is a database compromise, bit different since it means they have a bunch of actual passwords. I've not read the full release yet so I don't know if they've just got the hashes or the actual password strings.

 

Ebay have been ******s and sat on this for a month. Which probably means they're not based in California since they'd be up in court for not disclosing.

I've tried several times to change password ,but when I click on the change password button nothing happens.

Is everyone trying to change at once...?

There was a notice on eBay this morning so I changed my password. The official eBay line on the radio was that the database is such that they are unable to decipher passwords, so even hacked it should be OK. I've changed my password though, I tried to make my password as secure as possible with the result it is too complicated to remember - back the the drawing board tomorrow.

It reminded me of this story my Bro in law sent me and I posted in January http://www.briskoda.net/forums/topic/302436-like-any-good-story-an-exaggeration-bur-something-rings-a-bell/

Doesn't really matter how sophisticated your password is if they get the DB in the clear or sniff it via Heartbleed.

 

Nothing is uncrackable and if the hackers have the hashed database they can work their way through it at their leisure.

There was a notice on eBay this morning so I changed my password. The official eBay line on the radio was that the database is such that they are unable to decipher passwords, so even hacked it should be OK. I've changed my password though, I tried to make my password as secure as possible with the result it is too complicated to remember - back the the drawing board tomorrow.

It reminded me of this story my Bro in law sent me and I posted in January http://www.briskoda.net/forums/topic/302436-like-any-good-story-an-exaggeration-bur-something-rings-a-bell/

 

Could use something like Lastpass  https://lastpass.com/

  • Author

I'm amazed that the passwords and personal info were in the same database, and the personal info is unencrypted!  Hackers have enough to clone each and every ebay users details and go to town with credit cards and loans, or even to help reset other online systems.

 

What about password reset questions and answers?

Bit late now, the site was hacked months ago :wonder:  but they have only just got round to telling the users :wall:

No point in changing passwords with heatbleed until you know the site is patched. the vulnerability would just allow them to pick up the new one.

 

The Ebay one is a database compromise, bit different since it means they have a bunch of actual passwords. I've not read the full release yet so I don't know if they've just got the hashes or the actual password strings.

 

Ebay have been ******s and sat on this for a month. Which probably means they're not based in California since they'd be up in court for not disclosing.

Surely they'd only store md5 or sha etc hashes of the passwords in the database....

Surely they'd only store md5 or sha etc hashes of the passwords in the database....

 

That looks to be the case. All still crackable with a bit of time, or not very much time if they've not salted the hashes properly.

If it was half arsed they'll brute force the hashes with rainbow tables in no time.

 

I don't think it's too bad. Allegedly the passwords are already up for sale but encrypted. If they could crack them easily they do that and sell them for more.

Not toothless (I know a few people high up in the ICO) but very limited in what they could do with an international corporation like Ebay.

ICO are some of the few good guys in government. They regularly go up against the ministers.

 

The biggest fine they could levy is £500k, pocket change to the likes of Ebay. They are lobbying for more powers including the ability to fine a percentage of global turnover.

This is probably part of the lobbying process. i.e. by failing they'll promote the case for additional powers.

  • Author

The biggest threat is a Senate investigation. That'd make someone at eBay squirm

The biggest threat is a Senate investigation. That'd make someone at eBay squirm

unless ebay's lined a few pockets which wouldn't surprise me.

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Important Information

Welcome to BRISKODA. Please note the following important links Terms of Use. We have a comprehensive Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

Account

Navigation

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.