PSA: Ebay hacked - change yer password

F

fritter63

Retailer
Member
Joined
Jan 19, 2011
Messages
1,496
ebay hacked

The good news, the passwords were stored encrypted (as they should be), so there would be some effort (near impossible if it's 256 bit) to get at them.

The BETTER news? It's eBay, and even with your password, it would take them 2 weeks to find the right page to do anything.... [poke]
 
fritter63 said:
ebay hacked

The good news, the passwords were stored encrypted (as they should be), so there would be some effort (near impossible if it's 256 bit) to get at them.

The BETTER news? It's eBay, and even with your password, it would take them 2 weeks to find the right page to do anything.... [poke]
Click to expand...

Haha.  I just changed my password before you posted it and it took me every bit of 5 minutes to figure out where to change it.
 
fritter63 said:
ebay hacked

The good news, the passwords were stored encrypted (as they should be), so there would be some effort (near impossible if it's 256 bit) to get at them.
Click to expand...

It might be good news but it could be that it it is easy to get them. So far there is not enough information

Adobe leaked 150,000,000 passwords and while they had stored them as encrypted and hashed they were not salted hashes. If they had been stored as salted hashes the breach would have been much less serious.

However as they were just hashed (virtually all passwords that have any protection are stored as a hash to reduce storage space and speed checking) this means that with the encryption used every password that was the same had the same hash. Frequency analysis would get many of the common passwords.

You are probably safe if you have used a sudo random long password  this is an example "4cxm2DAPqW9(EKtpFwen"

http://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-disaster-adobes-giant-sized-cryptographic-blunder/

However the information we do have suggests that the breach is much more serious than even the Adobe one the data leaked included
"customers names, encrypted passwords, e-mail addresses, postal addresses, phone numbers and date of births" Perfect for identity theft
 
Here are the instructions found in the FAQ section:

1. Click My eBay at the top of most eBay pages and sign in.
2. Click the Account tab, and then click the Personal Information link on the left.
3. On the Password line, click the Edit link on the right. For added security, you'll be asked to sign in again.
4. Enter you current password and your new password in the spaces provided and click Save.

When I did this it asked me for my email address. On providing it I was sent an email with a link which then enabled me to change the password.
 
You must log in or register to reply here.

Similar threads

S
I think the US Tool & Fastener site has been hacked
Replies
16
Views
4K
smorgasbord
S
S
SOLD Vac SYS Pump and Pedal
Replies
0
Views
154
squall_line
S
P
Festool Router Table Set, CMS-GE (SOLD) (rarely seen for sale)
Replies
6
Views
593
pboulanger
P
B
KV D8 Connector pullout strength vs screws.
2
Replies
32
Views
1K
squall_line
S
J
Warning: Woodpeckers Semble Clamps can Ruin Woodwork
Replies
5
Views
1K
leakyroof
leakyroof
Back
Top