eBay Hacked, Requests All Users Change Passwords

HardOCP News

Statements like this, coming from the company that has just been hacked, are kind of funny because they always say the same thing.

eBay says that it has been able to narrow down the attack to "a small number of employee login credentials" stolen by cyberattackers. That provided the attackers access to eBay users' names, encrypted passwords, e-mail addresses, physical addresses, phone numbers, and dates of birth.
 
This is why you invest in training for employees to prevent these breaches. The weakest link in the security chain is most often the users.
 
This is why you invest in training for employees to prevent these breaches. The weakest link in the security chain is most often the users.

It's also a lot easier and better for the bottom line to throw an employee or two under the bus rather than admit your security protocols suck.
 
This happened two months ago! Damn near a day late and a dollar short. Lucky for me, I could give a care less about my ebay account. I will change it, obviously, but I don't understand what the motivation is to do so. That it contains my address? As if that can't be publicly obtained anyhow? We might as well just start expecting this kind of stuff to happen, it's getting so frequent.
 
It's also a lot easier and better for the bottom line to throw an employee or two under the bus rather than admit your security protocols suck.

Sure, but that can include the network administrators, not just the non-IT staff.
 
This happened two months ago! Damn near a day late and a dollar short. Lucky for me, I could give a care less about my ebay account. I will change it, obviously, but I don't understand what the motivation is to do so. That it contains my address? As if that can't be publicly obtained anyhow? We might as well just start expecting this kind of stuff to happen, it's getting so frequent.

Well.. how much you want to bet that 80% plus users use the same password with their paypal account.

I am surprised that there hasn't been an explosion in fraudulent postings.
 
Another thing.. it could have been a precursor to a larger effort.. such as harvesting emails, names, addresses, etc. for a phishing campaign.
 
Good job eBay. Keep hiring idiots in your security division simply because they tout a CISSP certification and a degree from a stupid Indian tech school.
 
This happened two months ago! Damn near a day late and a dollar short. Lucky for me, I could give a care less about my ebay account. I will change it, obviously, but I don't understand what the motivation is to do so. That it contains my address? As if that can't be publicly obtained anyhow? We might as well just start expecting this kind of stuff to happen, it's getting so frequent.

If someone has access to your ebay account, they can change your email information (and link it to a scam/stolen paypal account). Then start selling products, while never shipping anything. By the time eBay and Paypal stop them, they will have transferred the money out and you have the police knocking on your door to arrest you for fraud.
 
So instead of pushing out a site-wide automated forced reset they rely on a press release? That's F-ing unbelievable!
 
Well.. how much you want to bet that 80% plus users use the same password with their paypal account.

I am surprised that there hasn't been an explosion in fraudulent postings.

Oof, then they deserve what they get for making those passwords the same. Frankly, not that it couldn't be garnered somehow/someway, my financial website passwords are different and much stronger than simple sites like Ebay and I never connect sites such as Paypal to them.

If someone has access to your ebay account, they can change your email information (and link it to a scam/stolen paypal account). Then start selling products, while never shipping anything. By the time eBay and Paypal stop them, they will have transferred the money out and you have the police knocking on your door to arrest you for fraud.

I can see how that could be a nuisance. Given my sparse history on my years old ebay account, though, it wouldn't take long to see it was complete fraud. Heck, I don't even know how to sell anything on Ebay since I never have done so, hah. I'm sure it's not hard, I've just never done so.
 
Funny story: my wife just yesterday had a fraudulent charge from paypal to ebay and nobody at ebay or paypal could figure it out. Then I wake up this morning and see this in the news.

Coincidence or not?
 
I got an email from ebay this morning about changing your password. I did and luckily I don't use the same one for paypal.
 
Another thing.. it could have been a precursor to a larger effort.. such as harvesting emails, names, addresses, etc. for a phishing campaign.

I would think that one of the best attacks they could do (and probably thought of by now) is to take your e-mail address for the account and send you an e-mail saying ebay was hacked, please click here to change your password. If they copy the original email verbatim and send their copy out after ebay does, a lot of people will probably assume it was just sent twice and click on the new one (theirs) to go to the "ebay" page to change their password.
 
Ebay needs to go out of business.... rampant materialism by selling in a virtual garage sale.
 
Wow, 2 months ago. You're really on top of things, eBay!
 
Strange. No notification of any kind when I log into my Ebay account. Since the hash is probably what was stolen I think if you already have a long complex password it's relatively safe.
 
Does this mean I need to change my paypal log in as well?

According to the article, Paypal is in a separate database so it is unaffected. As long as they were different passwords you shouldn't need to change it. That said, you're no doubt following best practices and changing your password every 90 days anyway, right? :p
 
They never emailed me to change my password but I think I'll do it anyway.
 
My eBay account doesn't have any useful information. It has an e-mail address I only use for eBay, an address of shipping service, a prepaid Visa card and a phone number of my office. Nothing to steal really.
 
These damn companies need to be held accountable for this. Seriously. This is out of control. Every month, there's some new idiot corporation who's been heisted.

The problem is that there's currently no (dis)incentive -- stores will fiercely guard their physical property, but when it comes to customers' "property", they don't give a rat's ass. Why? Because there's no consequence. Not even from a publicity/marketing perspective. No one cares, no one complains, happens all the time.

We need to start raining down lawsuits on these companies to get this under control. Of course, that's the trick -- how do you show actual, tangible damages from stolen data? Hard to quantify.

Realistically, I suppose it's mostly a lost cause -- people don't care about privacy, people don't care about amorphous, non-tangible personal/private data. Out of sight, out of mind. And by the time someone's personal data is used illicitly, the length of time will warrant a disconnection of cause-and-effect from the theft. And even then, it's not like you could really prove that the theft stemmed from Target/eBay/etc.'s heisting.

In other words, this will continue to happen regularly until someone or something bends the corporation(s) over a knee and reddens some cheeks.
 
Can't even change my password due to errors being thrown left and right from eBay. Nice.
 

then shalt thou count to three, no more, no less. Three shall be the number thou shalt count, and the number of the counting shall be three. Four shalt thou not count, neither count thou two, excepting that thou then proceed to three. Five is right out :p
 
They need to tell us when it was patched up or if it was patched up. Fuckin' A. I don't know if it was after I made an account or if it's still a problem, so if I changed my password, it would be pointless or not.
 
Does this mean I need to change my paypal log in as well?


Only if you use the same password. Though if your Paypal password is easy to guess from the ebay password they stole, it may be safer to change it as well.
 
Finally got an email from Ebay tonight suggesting to change my password. Pathetic...
 