WARNING Cyber Attack on EBAY-Change Passwords NOW
 

Use eBay? Then Change Your Passwords NOW:

Site Requests that users update personal details after a major cyber attack

• Attack made between February and March and affects 233 million users
• Hackers were able to steal what eBay claims is a 'small number' of its employee log in details, allowing them to infiltrate its corporate network
  
• This gave hackers access to eBay customers' name, encrypted password, email address, physical address, phone number and date of birth
• 'The database did not contain financial information,' according to eBay
  

By Daily Mail UK, 21 May 2014


eBay has urged its 233 million users to change their passwords following a cyber attack that has compromised its databases.

Hackers were able to steal what eBay claims is a 'small number' of its employee log in details, allowing unauthorised access to its corporate network.


The cyber attack was made between late February and early March, giving hackers access to eBay customers' name, encrypted password, email address, physical address, phone number and date of birth.


http://i.dailymail.co.uk/i/pix/2014/...06_634x505.jpg

eBay is requesting that all users change their passwords, according to a message posted on the website of the company's online payment unit PayPal


'The database did not contain financial information or other confidential personal information,' said eBay in a statement.

'There is no evidence of unauthorised access or compromises to personal or financial information for PayPal users.
'PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.


Beginning later today, eBay users will be notified via email to change their password.


The company said it is also encouraging any eBay user who used the same password on other sites to change those passwords too.


Earlier today, a message was posted under the headline 'eBay Inc. To Ask All eBay Users To Change Passwords.' The only text in the body of the post is 'placeholder text.' It was taken down within hours.

It is yet unknown how the hackers were able to steal employee log in details.


'Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customer,' the group added.

The company added that the compromised employee log-in credentials were first detected about two weeks ago.
Early reports said the password change could have been as a result of the worldwide Heartbleed security breach last month, but PayPal said at the time its servers weren’t at risk and had not been affected.


http://i.dailymail.co.uk/i/pix/2014/...27_634x419.jpg

Some reports claim the password change on eBay could be as a result of the worldwide Heartbleed security breach last month, but PayPal said at the time its servers weren't at risk and had not been affected
END

NB:
I just tried to change my passwords, but it was not possible at this time on their system. When I tried to log in and their system wouldnt let me, so I clicked the "forgotten user ID", etc.... and no auto emails were received by me from them...Looks like their system has real problems...

eBay hacked
 

eBay hacked, requests all users change passwords

eBay confirms users' passwords were compromised but says there's no evidence any financial information was accessed.
by Don Reisinger May 21, 2014

http://i294.photobucket.com/albums/m...rious/data.jpg

eBay's morning just went from bad to worse. The e-commerce site confirmed Wednesday that its corporate network was hacked and a database with users' passwords was compromised. While eBay says there is no evidence that users' financial information was accessed in the hack, the company is telling all users to change their passwords.

eBay contacted CNET after this story was initially published, saying it discovered "recently" that it was a victim of "a cyber attack on our corporate information network, which compromised a database containing eBay user passwords." The company's spokesperson told CNET there is "no evidence that any financial information was accessed or compromised."

The statement follows an odd stream of events this morning when eBay-owned PayPal posted a blog entitled "eBay, Inc. to Ask All eBay users to Change Passwords." The blog post included nothing but the title, but quickly hit the Web after it was retweeted dozens of times. The blog post was then taken down from PayPal's site, causing even more confusion for users of the online auction house.

eBay has since posted information about the hack on its official blog. The company will ask all users to change their passwords starting later on Wednesday.

eBay shares are down 1.73 percent, or 90 cents, to $51.06, following news of the hack.

The database, which eBay said was compromised in late February and early March, held eBay customer's names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth. However, the company says users' financial information was not accessed.

"After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats," eBay wrote in the post. "However, changing passwords is a best practice and will help enhance security for eBay users."

eBay also tried to allay concerns of PayPal users who store credit card information on the service. Although eBay owns PayPal, the online auction site says that "PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted."

eBay said it detected the hack two weeks ago and engaged in forensics activities to determine what database was compromised and what was stolen. The company narrowed down the attack to "a small number of employee login credentials" stolen by cyberattackers, which it said provided access to eBay's corporate network.

Starting later on Wednesday, eBay will use email, site updates, and "other marketing channels" to request its users change their passwords. The company also encouraged its users to change the passwords on any other sites they might use with the same log-in credentials. It even ended its blog post with a security tip: "The same password should never be used across multiple sites or accounts."

eBay's hacking should be taken seriously. The e-commerce site has 128 million active users around the world. While the company has acknowledged that it will ask ever user to change their password, eBay hasn't said how many customers might have had information stolen.

With Heartbleed wreaking havoc on the Web and an increasing number of major companies having their servers hacked and personal information leaked, Web security -- or lack thereof -- is becoming a huge concern for Web users. The eBay hack could prove to be the biggest security flaw to affect users since last year's Target data breach. That hack is believed to have impacted 110 million customers and left personal information -- including names, mailing addresses, phone numbers, email addresses, and debit and credit card data -- open to hackers.

Source:

Re: eBay hacked
 

Thanks jenkins but there was already a WARNING thread about this in Site Announcements.... Ive merged this thread with that one....