Jump to content
House Price Crash Forum

Archived

This topic is now archived and is closed to further replies.

interestrateripoff

Ebay Urges Users To Change Passwords

Recommended Posts

http://www.bbc.co.uk/news/technology-27503290

Ebay has asked users to change their passwords following a cyberattack that compromised one of its databases.

The auction site said that the database contained encrypted passwords and other non-financial information.

The US firm added that it had no evidence of there being unauthorised activity on its members' accounts.

Nothing is secure.

Share this post


Link to post
Share on other sites

those encrypted passwords should still be safe..that IS the idea for encryption...ie that should someone else get it, they cant use it, because it is encrypted...or maybe their encrypted passwords are not encrypted

Share this post


Link to post
Share on other sites

those encrypted passwords should still be safe..that IS the idea for encryption...ie that should someone else get it, they cant use it, because it is encrypted...or maybe their encrypted passwords are not encrypted

By encrypted they mean hashed. Depends on the hash algorithm and ebay's implementation as to how strong the "encryption" is. Dictionary-based passwords could be attacked with a rainbow table. MD5 hashes are designed to be fast to compute and could be brute forced on CPU or better on a GPU. Hopefully they will have salted the hashes, making rainbow and brute force attacks much more difficult or even practically impossible. So it all depends on the implementation and how much resource the attacker has at his disposal.

Share this post


Link to post
Share on other sites

I'm going to change my password from "password1" to password6" now! That will fool these "hackers". Actually when I went to EBay, I couldn't find where to change the password!

Share this post


Link to post
Share on other sites

I would have thought you would have a pin number?

Share this post


Link to post
Share on other sites

I would have thought you would have a pin number?

Ah, the number of the Pin! I had a motorbike with 667 on the number plate once, as somebody more demonic than me had bagged the good number!

Share this post


Link to post
Share on other sites

Ah, the number of the Pin! I had a motorbike with 667 on the number plate once, as somebody more demonic than me had bagged the good number!

That would have been my uncle, whose 1941 Mercedes had the registration '666 HH'!

Always turned heads on the Kingston bypass. Especially in 1941.

Share this post


Link to post
Share on other sites

change it in account settings (click below your name at the top for the dropdown) - just done it to make sure although lots of these stories are a bit OTT on the scare-mongering.

Share this post


Link to post
Share on other sites

That would have been my uncle, whose 1941 Mercedes had the registration '666 HH'!

Always turned heads on the Kingston bypass. Especially in 1941.

Heil HItler? LOL!

Share this post


Link to post
Share on other sites

That would have been my uncle, whose 1941 Mercedes had the registration '666 HH'!

Always turned heads on the Kingston bypass. Especially in 1941.

I am possibly the reincarnation of your imaginary uncle! I always like a joke that's just "too obvious" to get,as many people still miss them!

Share this post


Link to post
Share on other sites

change it in account settings (click below your name at the top for the dropdown) - just done it to make sure although lots of these stories are a bit OTT on the scare-mongering.

The most sensible post on this thread! If you can guess my password, you will know my mind!

Share this post


Link to post
Share on other sites

I'm going to change my password from "password1" to password6" now! That will fool these "hackers". Actually when I went to EBay, I couldn't find where to change the password!

Let me know your password and I'll get in there and change it for you ;)

Share this post


Link to post
Share on other sites

Let me know your password and I'll get in there and change it for you ;)

You know a lot of people fall for that one!

Share this post


Link to post
Share on other sites

eBay have got bigger problems than this. I clicked on a listing the other day, and it briefly flashed up before displaying an eBay login screen on a completely different and obvious phishing domain.

I'm amazed they allow that kind of redirection in the code you can put into listings. That's pretty basic stuff.

Share this post


Link to post
Share on other sites

This is reported to have happened months ago . A tad late to change passwords? A related business Paypal is apparently unaffected. No comment.

Share this post


Link to post
Share on other sites

Are the passwords more valuable than accessing ebay accounts? I'm guessing many individuals may have their work password and ebay one the same, from a hackers point of view attempting a brute force attack on a system just got a lot easier with the ultimate password dictionary?

Share this post


Link to post
Share on other sites

Are the passwords more valuable than accessing ebay accounts? I'm guessing many individuals may have their work password and ebay one the same, from a hackers point of view attempting a brute force attack on a system just got a lot easier with the ultimate password dictionary?

Well unless somebody wants to sell baby clothes under my name, yeah that's pretty much it.

However changing your password on ebay won't do you much good in that regard.

Basically people use the same email and password combinations for most sites and so "hackers" can run your password and email combination against a number of sites. Rather ironically ebay is one of the few passwords which is completely unique for me. Anything worth keeping safe has a decent password but pretty much anything run of the mill gets the same one.

Share this post


Link to post
Share on other sites

Well, this is interesting.

I rarely use ebay but logged in a few weeks to look for some hiking shoes. Logged in fine with my current email and password.

So i just tried to log in now with the same username and password - nothing. Nada. It will not allow me to log in. It recognises the usernmae but not the email address.

So I clicked on the reset password option and to my surprise it came up with an email address and phone numbers that I have not used in years, and no longer have, to send reset details to. In short, I am now locked out of my ebay account.

It appears to me that there has been some kind of backup used from many years ago on my account replacing my current data with out of date data.

Share this post


Link to post
Share on other sites

Are the passwords more valuable than accessing ebay accounts? I'm guessing many individuals may have their work password and ebay one the same, from a hackers point of view attempting a brute force attack on a system just got a lot easier with the ultimate password dictionary?

Drop shipping.

Stolen credit card, stolen ebay account, order to delivery to buyer address. Offer new products at 80% of retail.

Leaving the buyers address as delivery for goods purchased with stolen credit card, the eBay account trashed and linked paypal account liable.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

  • The Prime Minister stated that there were three Brexit options available to the UK:   224 members have voted

    1. 1. Which of the Prime Minister's options would you choose?


      • Leave with the negotiated deal
      • Remain
      • Leave with no deal

    Please sign in or register to vote in this poll. View topic


×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.