DuckDuckGo Ups Ante: Gives $300K to 'Raise the Standard of Trust'
For the seventh year in a row, the search engine that promises not to stalk your online moves puts its money where its mouth is, this year by donating $300,000 to organizations that
System76 Saying Goodbye to Bland Design
Considering that System76 chose to unveil its new design plans to The Linux Gamer -- no invite went to FOSS Force, BTW -- we can't help but wonder if a System76 Steam Machine isn't in the works.

The Screening
The Great Debian Iceweasel/Icedove Saga Comes to an End
Now that Thunderbird is back in the Debian repositories, the decade long dispute that led to all Mozilla products in Debian being rebranded has ended.

The hatchet is finally completely
Back Yard Linux
It's not as lonely being a Linux user as it once was. These days you're liable to find people throughout your neighborhood using Linux.

My how times have changed.

It wasn't long ago that Linux
No, Evil Hackers Aren't After You
Humankind has outgrown the need to have monsters hiding under our beds. Now we let them hide in our phones, computers and microwave ovens.

Roblimo's Hideaway

OMG! I think I see a giant camera lens on
Should the U.S. Army Have Its Own Open Source License?
Should the U.S. armed forces begin releasing software under an OSI approved open source license rather than as public domain?

Roblimo's Hideaway

This question has generated many pixels'
GitHub CEO Chris Wanstrath on Open Source
Did you know that the software Stephen Hawking uses to speak is open source and that it's available on GitHub? Neither did we.

The Screening Room

At the Computer History museum, GitHub CEO Chris
May 21st, 2014

eBay Hacked – Will Ask Users to Change Passwords

eBay announced this morning that they’ve been hacked and that “encrypted passwords and other non-financial data” have been compromised. They’re expected to begin notifying their customer base later today, which will include a suggestion for users to change their passwords. The company says that PayPal, an eBay subsidiary, uses its own servers and was not affected by the attack.

According to CNET, the first public news of the compromise came by way of a cryptic blog posting by PayPal:

“…eBay-owned PayPal posted a blog entitled ‘eBay, Inc. to Ask All eBay users to Change Passwords.’ The blog post included nothing but the title, but quickly hit the Web after it was retweeted dozens of times. The blog post was then taken down from PayPal’s site, causing even more confusion for users of the online auction house.”

According to a posting on the eBay blog, the attack occurred several months ago.

“The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today.”

The post does not indicate when eBay first became aware of the intrusion nor does it explain why the public is only now being notified of the security problem. They do say that they’ve seen no evidence that any user accounts have been compromised and indicated that they are suggesting the password changes as a precautionary measure.

The following two tabs change content below.
Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

5 comments to eBay Hacked – Will Ask Users to Change Passwords

  • Mike

    Gee, so I can change my password and nobody can use my EBAY account. It’s not like anyone can do anything bad with my full name, home address, e-mail, and birthdate.

    EBAY should be liable for any identity theft that results from this. Unfortunately how could you possibly prove it?

    I know the following is slightly off-topic, but recently (especially in the wake of Heartbleed) I’ve heard people suggest that using free and open source software is unsafe because there’s no accountability. Ha, like any proprietary software vendor (I’m looking at you Microsoft) has ever been held accountable for their security failings.

  • Mike

    Just went to change my password on EBAY. It took like half an hour because anything even remotely complex was rejected by their system. I even had one password accepted by the change password page, but wouldn’t actually work for logging in. Their little password complexity meter is worthless and misleading unless you use very formulaic passwords. Passwords are limited to 20 characters, what is this: 1990?

    Wake up EBAY, your security is a joke.

  • […] eBay Hacked – Will Ask Users to Change Passwords […]

  • Ever since reading about one poor person who ordered a Nintendo gaming device on eBay…and receiving a box with a brick in it instead….I’ve ceased to use eBay period! I know there’s great deals to be had…but I prefer to buy from a place that has some accountability….(TigerDirect….OfficeMax….Staples….etc.) Not to mention with this current economy I cannot afford to be bilked out of the money I use for technology and replacement parts.

  • steviejo615

    Ebay uses the word “asking” even though there is no choice…they are forcing the password change. I am more concerned with the personal data ebay has leaked. How can we “ask” (i.e. force ) ebay to protect our personal data?