Personal View site logo
Ebay security breach
  • A post on eBay's corporate site said that cyber-attackers accessed the information after obtaining "a small number of employee log-in credentials", allowing them to access its systems - something it only became aware of a fortnight ago.

    "The database... included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth," it said.

    "However, the database did not contain financial information or other confidential personal information.

    "Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today."

    http://www.ebayinc.com/in_the_news/story/ebay-inc-ask-ebay-users-change-passwords

  • 5 Replies sorted by
  • It seems like they want to hide it - http://grahamcluley.com/2014/05/ebay-burying-news-security-breach/

    At least for now, hence using corporate portal only.

  • Its on their website now. I had multiple attempts yesterday morning by someone trying to take money from my bank account...either this was related or not is a different matter. But yeah there was no email sent to me saying about breaches...I only found out from the local news. I'm not totally convinced that financial info was safe either.

    Anyway its good that my bank put a block on the attempts.

  • For days they did nothing, now they really push password change, at big cost :-)

    Ebay thought it would be a genius plan to force users to change their passwords by taking them to a screen to do it when they attempt to log in. The only problem is that they do not appear to have encoded the system to realise that someone has changed their password already.

    As a result a person who changes their password is taken back to a screen which asks them to change their password again. Meanwhile users cannot do what they want to do on ebay such as buy and sell products.

    http://fudzilla.com/home/item/34846-ebay-kills-off-its-own-business

  • I was also incredibly put off by finding out my account had been breached by stumbling across it on the internet. By them NOT sending an email to users as soon as they knew there was a security breach they showed their true nature: they are more concerned with their image than the safety and security of their users. Despicable and unforgivable business practices. Whoever made the final decision to hide this should be immediately fired and their name and failure publicized everywhere possible to ensure they A) are never hired in the industry again or B) can be avoided by consumers at all costs. So, anybody have any names for who was responsible for this shameful breach of trust?

  • Whoever made the final decision to hide this should be immediately fired and their name and failure publicized everywhere possible

    Who mean their owners? Banks and funds? Could be fun.