
ebay hacked

Old 21st May 2014 | 14:48
  #1 (permalink)  
Thread Starter
15 Anniversary
 
Joined: Aug 2006
Posts: 202
Likes: 50
From: UK
ebay hacked

From Today Online:
NEW YORK — E-commerce company eBay said client identity information including emails, addresses and birthdays were stolen in a hacking attack between late February and early March.

eBay urged users to change their passwords after the attack on a database that also contained encrypted passwords, physical addresses and phone numbers.

It said it found no evidence of any unauthorised access to financial or credit card information.

eBay shares fell as much as 3.2 per cent after the latest high-profile hacking attack on the United States company.

“For the time being, we cannot comment on the specific number of accounts impacted. However, we believe there may be a large number of accounts involved and we are asking all eBay users to change their passwords,” eBay spokesman Kari Ramirez said.

The attack was made through compromised employee accounts that allowed unauthorised access to its corporate network, the company said in a statement. It said the breach was first detected about two weeks ago.

The company said it found no evidence of unauthorised access to personal or financial information for users of its online payment service, PayPal.

eBay earlier issued a notice on its PayPal website asking users to change their passwords, but took down the message a short time later without explanation.

The message headline was “eBay Inc To Ask All eBay Users To Change Passwords” but had no other information other than the words “place holder text”.
www.todayonline.com/tech/ebay-database-hacked

According to a security expert on BBC R5, the data taken has the potential to aid identity theft.

Last edited by John Marsh; 21st May 2014 at 14:54. Reason: Fontwork
John Marsh is offline  
Old 21st May 2014 | 15:02
  #2 (permalink)  
 
Joined: Jan 2008
Posts: 3,156
Likes: 113
From: There and here
I'm always both surprised and curious when large companies are 'hacked' and loads of information is taken. Is it that the hackers are 2 steps ahead of the (hopefully) top class cyber security, or is it that the security is too lackadaisical whilst pretending to be the opposite ?
SpringHeeledJack is offline  
Old 21st May 2014 | 20:33
  #3 (permalink)  
 
Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
Is it that the hackers are 2 steps ahead of the (hopefully) top class cyber security, or is it that the security is too lackadaisical whilst pretending to be the opposite ?
It could be either or both. Although to be honest, for a high profile site such as eBay, it's very unlikely to be the latter since they no doubt get everything including the kitchen sink thrown at their infrastructure by mischievous individuals every single day.

The fact of the matter is that exploits come thick and fast as innovative new techniques emerge from ever creative minds. Once your infrastructure grows to the size of eBay it all becomes one big game of cat and mouse... because updates take so long to roll out - both due to the testing process in staging before rolling out to production, as well as the sheer number of assets across your estate that need to be updated.
mixture is offline  
Old 22nd May 2014 | 11:09
  #4 (permalink)  
 
Joined: Aug 2007
Posts: 647
Likes: 0
Mixture

From the reports that I have heard (BBC R4); Name and address + date of birth details and login password have been lost; commencing from February 2014.

If this is the case, I would contend that the statement "No financial data has been lost" is open to question. What personal details do you need to open a Credit card A/C ?

Was the "personal data" of their customers held as plain-text on their servers ? or was encryption used ?

The whole Internet retail industry is increasingly looking to be a Retail-Fest devoid of integrity.

[Edit:Give me a reason why a vendor would want your Date of birth ! outside Marketing Profile reasons i.e. not a valid reason]

CAT III
Guest 112233 is offline  
Old 22nd May 2014 | 11:13
  #5 (permalink)  
Administrator
 
Joined: Mar 2001
Aviation Qualifications: PPL
Posts: 8,121
Likes: 686
From: Twickenham, home of rugby
The attack was made through compromised employee accounts
There is always a weakest link - in this case virtually no amount of cyber security is going to protect from an attack from within the fortress.

SD
Saab Dastard is offline  
Old 22nd May 2014 | 12:53
  #6 (permalink)  
 
Joined: Apr 1998
Posts: 4
Likes: 1
From: Mesopotamos
Of course, one way to rekindle interest in your product is to get all users past and present to log in. To achieve that you could invent a story about accounts being hacked and that everybody now needs to change their password.

If only you saw some of the tools I came across that had the word "Digital" in their job title and wouldn't hesitate doing such a scam. They didn't succeed because we wouldn't let them.
cattletruck is offline  
Old 22nd May 2014 | 12:54
  #7 (permalink)  

Official PPRuNe Chaplain
 
Joined: Apr 2001
Posts: 3,498
Likes: 0
From: Witnesham, Suffolk
There was an occasion about 20 years ago when my boss and I needed to make some urgent changes to a paper that was going to the board the next day. His secretary had just gone off on a walking holiday, and the document was secure in her section of the company system.

It took the two of us about five minutes to "hack" the security system, change her password, and do the necessary to access the document.

Like all security, it's only as good as the people thinking about it. They will armour plate and treble-secure the front door, windows etc. But they'll leave the back door open for the staff to come and go. Anyone with a bit of nous can get in that way.

Not much has changed in those 20 years.
Keef is offline  
Old 23rd May 2014 | 04:31
  #8 (permalink)  
 
Joined: Jul 2004
Posts: 2,948
Likes: 1
From: Cloud 9
It said it found no evidence of any unauthorised access to financial or credit card information.
Well hang on a minute, credit card and bank details are held by PayPal and not by eBay. Whilst eBay may own PayPal are eBay admitting that eBay in themselves hold financial and credit/debit card information?
Phileas Fogg is offline  
Old 23rd May 2014 | 09:04
  #9 (permalink)  
Administrator
 
Joined: Mar 2001
Aviation Qualifications: PPL
Posts: 8,121
Likes: 686
From: Twickenham, home of rugby
Yes, ebay holds financial information - how else do you think it debits seller fees?

If you haven't got a seller account it may not need that information.

SD
Saab Dastard is offline  
Old 23rd May 2014 | 09:06
  #10 (permalink)  
 
Joined: Nov 2004
Posts: 1,803
Likes: 0
From: Perth - Western Australia
Phileas Fogg:
Whilst eBay may own PayPal are eBay admitting that eBay in themselves hold financial and credit/debit card information?
Yes, indeed. If you're a seller who isn't a "casual seller", or an eBay store owner, eBay require you to put on record, account or CC details to enable them to take funds from that account or CC when you owe them money for sales.

The part that makes me angry is that eBay is always intent on improving returns to eBay - but they care so little about their clients' private and important details, that they don't even encrypt your name, address, email, birthdate, and phone number.

CC companies encrypt all your private information, and they offer fraud protection as well. eBay offer you nothing.

The media state that eBay is emailing clients advising them to change their password. Nothing of the kind has happened - there's only a message on the home page of eBay advising you to change your password.

These stolen details are gold for scammers, and they now have 145,000,000 users' details to on-sell to every scammer on Earth.
I trust that someone starts a class-action against eBay for failure to take basic precautions with vital personal information.

There's a message doing the rounds that someone is offering all these eBay details for sale, already.

EBay users still at risk following cyber attack, even if they changed passwords

eBay seller details for sale. Payment in BitCoins - http://pastebin.com/vmvjGw3N

Last edited by onetrack; 23rd May 2014 at 09:22. Reason: addendum ..
onetrack is offline  
Old 23rd May 2014 | 10:20
  #11 (permalink)  
 
Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
eBay seller details for sale. Payment in BitCoins - http://pastebin.com/vmvjGw3N
Should be noted that some sources suggest Mr/Mrs "KbcdPfA" is a fake.

Wouldn't surprise me in the least that there are scammers out there cashing in, not that people attempting to buy illegal data deserve much protection of course !

At least payment is in Bitcoin which means you can watch how many scum fall for the bait... https://blockchain.info/address/1e4a...b7VHbd7KbcdPfA

(Also another good reason to regulate bitcoin more heavily !)
mixture is offline  
Old 23rd May 2014 | 11:07
  #12 (permalink)  
 
Joined: Jul 2004
Posts: 2,948
Likes: 1
From: Cloud 9
Yes, ebay holds financial information - how else do you think it debits seller fees?
Yes, indeed. If you're a seller who isn't a "casual seller", or an eBay store owner, eBay require you to put on record, account or CC details to enable them to take funds from that account or CC when you owe them money for sales.
I was a seller on eBay and when I sold then monies went in to my PayPal account and come the end of each month eBay had a, so to speak, direct debit arrangement with my PayPal account to take any listing fees and/or seller fees from my PayPal account.

My card and bank account details were only ever registered with PayPal and never with eBay!
Phileas Fogg is offline  
Old 23rd May 2014 | 11:20
  #13 (permalink)  
 
Joined: Nov 2004
Posts: 1,803
Likes: 0
From: Perth - Western Australia
Phileas - You must have joined eBay early in the piece, before they tightened up the financial requirements. eBay hates losing money, and they didn't take long to ensure they got paid, when a seller didn't pay on time.
I used to be a store owner on eBay, but they got too hungry, and they didn't want "hobby" sellers, only the "biggies" with massive turnover.
It suits me fine, I rarely go there now, because there's plenty of alternatives - mostly in the sellers' own websites - and I have no need to deal with their rapaciousness.
Everything on eBay is slanted in eBay's favour, there's no fairness, no adjudication, no longer any ability to leave negative feedback for scumbag buyers, and no longer any good feeling when dealing with them.
onetrack is offline  
Old 23rd May 2014 | 11:51
  #14 (permalink)  
 
Joined: Jul 2004
Posts: 2,948
Likes: 1
From: Cloud 9
onetrack,

I totally agree, eBay are a'holes, alas where I live now buying on eBay can be cheaper and better quality than the cr@p I can buy here locally on Siargao Island.
Phileas Fogg is offline  
Old 24th May 2014 | 15:24
  #15 (permalink)  
15 Anniversary
 
Joined: Oct 2006
Posts: 2,798
Likes: 74
From: One Three Seven, Disco Heaven.
Well so much for advising you to change passwords. Now you can't get in unless you change your password. I've allegedly been sent 3 texts and phone calls to my phone, with a new PIN to get in, but haven't seen sight nor sound of them. Useless cnuts. They're quick enough at finding more ways to screw you for money. It obviously isn't being spent on security though.
Dan Gerous is online now  