E-Bay hacked : password changes needed

[ricktas]

Have an EBay account?

You need to login and change your password.. BUT it gets worse.

Hackers accessed EBay in February and March. EBay have finally decided to reveal the extent of the hack. 233 million Ebay users (every single EBAY account worldwide) have had their customers' name, encrypted password, email address, home address, phone number and date of birth taken. EBay say their PayPal service was not affected so your banking and credit card details appear to be safe if you do not use the same email/password combination.

If you use the same password and email/username for your E-Bay account as you have with say your internet banking, email account password and more, you will need to change the passwords on ALL your accounts affected.

Members can change their Ausphotography Email and Password here in need: http://www.ausphotography.net.au/for...o=editpassword
Note that you will need access to the email account selected when you change your email address on Ausphotography. The site sends a confirmation email to this new address, and until you click the link in that email to verify the email address change, your Ausphotography account will not work.

Warning: You should have different passwords for each site, esp. banks, paypal etc. NEVER use the same password on a site, coz if it gets hacked then they maybe able to access other of your accounts.

Remember, hackers will use 'bots to attack millions of accounts per hour.

FYI Our firewall / anti spammer technology blocks many hundreds of attempts per day; and we don't have any financial data stored here.

[Sifor]

Funnily enough I'm not nearly as concerned with the passwords as much as I am about the street addresses and DOB.... identity theft just made easier.

[Kym]

http://www.abc.net.au/am/content/2014/s4009539.htm

CHRIS UHLMANN: Cyber criminals have hacked into online marketplace eBay and stolen the private information of millions of its customers.

The website is urging users to change their passwords but there's little it or customers can do to retrieve the names, emails, addresses, phone numbers and birth dates that were taken.

And the company is facing mounting criticism for its handling of the security breach, announcing it now despite knowing about the incident for weeks.

Will Ockenden reports.

VOICEOVER (Extract from eBay advertisement): There's a place especially for you.

WILL OCKENDEN: Internet retailing giant eBay likes to think of itself as the world's online market place.

VOICEOVER (Extract from eBay advertisement): With more than 30 million products, you can always find exactly what you want and make it yours. eBay …

WILL OCKENDEN: Hackers appear to have taken that literally. They've made eBay's database theirs, and obtained the usernames, passwords, phone numbers, addresses, birthdates and emails of more than a hundred million of its users.

GRAHAM CLULEY: They've been royally hacked a couple of months ago apparently. Pretty embarrassing.

WILL OCKENDEN: Graham Cluley is an internet security researcher.

GRAHAM CLULEY: How long has eBay known about this?

WILL OCKENDEN: eBay is an auction website which connects buyers with sellers. Last year its users bought and sold around $US205 billion worth of goods.

eBay isn't providing specifics on how many of its 145 million or so active accounts have been affected, saying only it's a "large number".

The company says financial information like credit cards weren't stolen, but Graham Cluley says the large scale loss of personal data raises the likelihood of identity fraud.

GRAHAM CLULEY: These days hackers aren't just interested in credit card data. They're also interested in your personal information because they can actually exploit that to make money too.

WILL OCKENDEN: How?

GRAHAM CLULEY: By doing things like phishing attacks, by the fact that many people use the same password in multiple places. They could spam you, pretending to be eBay and maybe inside that email there could be a malicious link designed to infect your computer. And once they manage to infect your computer then they can really begin to turn that into money by handing it over to spammers for instance.

WILL OCKENDEN: eBay says the hack likely occurred in late February and became aware of it around two weeks ago.

The company has been widely criticised for its handling of the incident, with users saying a technology company should have better security policies and criticising the time taken to announce the breach.

eBay also appeared to play the whole thing down, burying the scale of the attack in the middle of its official statement.

GRAHAM CLULEY: A lot of people are rather upset that if you go to ESET's website right now, there is no warning there on the front page. You have to dig around in their press section to find out anything about this. And surely, eBay should be more proactive about warning its users.

WILL OCKENDEN: If a catastrophic data breach wasn't bad enough for eBay, the news of the incident also leaked from the company.

For hours last night a company blog displayed the headline "eBay Inc. to Ask all eBay users to change passwords". The blog post provided no more information, other than the words "placeholder text".

GRAHAM CLULEY: People are thinking, whoa, are they going to announce a leak, is this just a dress rehearsal they're doing for some crisis management? In fact, they've managed to leak news of it before they were ready. It's been pretty amateurish all round.

WILL OCKENDEN: eBay isn't speculating on who may be responsible for the hack and has assured users there has been no evidence of fraud so far.

But if history is anything to go by, there is likely to be a rise in attacks across the internet as users often use same or similar passwords from website to website.

CHRIS UHLMANN: Will Ockenden reporting.

[Cage]

Most large companies will do their best to protect 'their' bottom line (Profit) before they even consider being transparent about intrusion into their operating systems.

I've set up my online purchasing with a separate bank account and credit card, and only transfer funds into the account when I'm about to make a purchase.

And Sifor raised a good point about identity theft.

[Nick Cliff]

I had been warned about ebay re lack of security smarts years ago by someone who had a son in the internet security industry and had been told our banks needed to lift their game too by another person ,again as already mentioned it affects short term profitability .Internet security will become a higher priority as a cost of doing business of course , we will just have to pay more for this security as cyber criminals become more sophisticated from now on, regards nick.

[ricktas]

I had been warned about ebay re lack of security smarts years ago by someone who had a son in the internet security industry and had been told our banks needed to lift their game too by another person ,again as already mentioned it affects short term profitability .Internet security will become a higher priority as a cost of doing business of course , we will just have to pay more for this security as cyber criminals become more sophisticated from now on, regards nick.

I think banks have come forward in leaps and bounds. Mine now has a facility where if I want to order something online using my credit card, I login to my mobile banking app, enter the details of the order (I have to specify amount and currency). Then I go back to the website and place the order and the credit card is accepted. But all other online transactions automatically reject. Yeah it takes a moment longer, but the security of having that in place is well worth it.

[Kym]

eBay and Adobe are the two big recent ones.
Both will give the industry a big kick in the behind.