eBay

http://www.thestreet.com/story/12717076/1/ebay-discloses-cyberattack-says-paypal-unaffected.html?puc...

NEW YORK (TheStreet) - E-commerce giant eBay (EBAY_) said on Wednesday cyberattackers hacked into a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network. The online marketplace urged customers to change their passwords and also noted it had yet to see a rise in fraudulent activity or any compromise of its mobile payments arm, PayPal.

eBay said databases at the company were hacked between late February and early March, and data stolen as a result of the attack included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth. The hacked database, however, did not contain financial information or other confidential personal information. eBay also emphasized on Wednesday it keeps PayPal data separate from its online marketplace.

"The compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today," eBay said.

Later on Wednesday, eBay will notify users of the cyberattack and them to change their passwords on the site.

"After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats," eBay said.

"However, changing passwords is a best practice and will help enhance security for eBay users," the company concluded.

CEO John Donahoe did not provide comment on the press release.

Shares of eBay were falling nearly 2% in early Thursday trading, trading at $51 a share.

UPDATE (10 am EST): PayPal spokesperson Jennifer Hakes told EcommerceBytes eBay will only be asking its user base later today to change passwords. "Extensive forensic research has shown no evidence of unauthorized access or compromise to personal or financial information for PayPal customers," she said.

"PayPal customer and financial data is encrypted and stored separately, and PayPal never shares financial information with merchants, including eBay. PayPal account holders should consider changing their passwords only if their credentials are the same as those they use for eBay."

Thanks for the info. Pierre, passwords changed.

As the years pass, hackers get better at what they do.

and in response

Our level of vigilance must always stay at a high level

---------------------------------------------

eBay, Paypal, and our bank accounts are all "tied together"....  and yet they remain separate... until that next hacker... perhaps..

and then come the phishing emails....

Never respond to something unusual  form eBay, Paypal or your bank

always check  the website, and then report the phishing email.

-----------------------------------------------

The internet is a wide open environment..... and if your computer is like mine... fully open to the receipt of emails.... then almost anything can end up on your computer... and sometimes in spite of Anti-Virus protection..

My second computer that receives no emails is "100 % clean"....no garbage.

--------------------------------------------

In response to a question on eBay, I used to add my name with my eBay ID....  now I only sign the email with my eBay ID.

It is absolutely amazing how quickly someone can find out everything about you ,  with just your full name...  They can find your address, telephone, email... and then have a street level view of where you live....

------------------------------------------

I have done it for buyers, where an address had to be verified as correct...even before buyer input..  Buyers have been notified of subtle address errors..

such a 3467 344,  which should be 3467 344 Street...  the designation "Street" was missing

Postal code look up and reverse postal code checks on Canada Post's website also help

Put it all together  I can find out a lot about YOU... No hacker am I!

Thanks for posting this Pierre.  I'll be changing my password now. 

Funny how we have to hear these important issues from other members, via the media, before eBay makes any announcements, as you pointed out.  I'd add that this isn't the first time we're the last to know about a problem!

We get BBC email top news reports every day, and today there is one reporting this and telling eBay members to change their passwords.

Pierre mentioned the report said that the attack(s) occurred in late February and March.  Hopefully changing passwords now isn't just a pointless horse-and-barn-door scenario. 

It would have been so much better and more effective to have known about this as soon as eBay knew it was happening. 

How do I change my password?

Go to the Customer Support link (top of the page) and enter "change password" in the box.

eBay will then direct you to: http://pages.ebay.ca/help/account/change-password.html

http://announcements.ebay.ca/2014/05/21/7604/

I find it odd that eBay waited so long to informed it's users.  Why do we have to hear this from the news and 3 months later.  Ummmm

If you read the reports, personal IDs have no chance of being accessed by this "hack".

Now that the "news" is out, eBay has to resort to the change your password mantra which you are supposed to do every six months anyway.

If this is news, toe fungus is news.

.
.
.

According to the official post by eBay Inc on eBay.com:

What customer information was accessed?

The attack resulted in unauthorized access to a database of eBay users that included:

·       Customer name

·       Encrypted password

·       Email address

·       Physical address

·       Phone number

·       Date of birth

Did you not see the notice about the password change? It was inserted in their rotating banner ads that you see when you login (see captured screen shot). Sigh what a way to notify end users. NOT! Have a notice that is in the end user's face as soon as they login and email your end users ASAP. Do not rely on the media to whip your end users into a frenzy. That is unless you want to loose them as customers.