Just read that their database of user names and passwords has been compromised. Schmucks that they are, they still don't tell you on their web site to change your password. But do it.
I have to say, I'm getting mighty tired of all these hackings and having to change my passwords on about 100 websites. I don't even keep a keychain anymore; nothing seems as secure as the piece of paper I have all my passwords written on.
It has become a serious problem. I no longer register on random sites. Instead, if they offer the product through Amazon, I get it that way even if it costs more. Amazon also has a new "wallet" that I have seen other vendors use. So even if you are on the other company's web site, you can pay using your Amazon account.
The hackers have become smarter than the typical IT person in these companies. It takes incredible knowledge to guard against the hacks, something that companies with internal software development like Microsoft, Amazon and Google can afford to have but not others. Major tech companies like Apple and Yahoo could also be there if they took this area as seriously as they should.
My sense is that the payment systems will soon consolidate and smaller players will use the payment system from major players. In traditional shopping, we do precisely that by using our credit cards. But on the web it is the wild west right now. Many times we have no idea who is handling the transaction, as many of these smaller sites are just a front-end for some larger distributor of those products.
They have such a large membership, which means that with everyone trying to reset, a system that is usually much less loaded starts to fail. Another sign that they are not prepared for these kinds of emergencies.
Part of the headache IMO is not necessarily just the password, it is the fact they have unencrypted customer details, nearly enough to start building fraud attacks (or enough to track down further information, cause personalised phishing attacks, "cold call" by phone, etc.).
Anyway, it will be interesting to see where the eBay attack originated from, that is, if the information-report is ever publicly released when completed.
I just got informed by eBay yesterday (27/05 AEST) to reset my password (which I did). See the email below. Nice to see eBay taking such prompt action to protect members' privacy (not!)...
IMPORTANT: PASSWORD UPDATE
Dear eBay Member,
To help ensure customers' trust and security on eBay, I am asking all eBay users to change their passwords.
Here's why: Recently, our company discovered a cyberattack on our corporate information network. This attack compromised a database containing eBay user passwords.
What's important for you to know: We have no evidence that your financial information was accessed or compromised. And your password was encrypted.
What I ask of you:
Go to eBay and change your password. If you changed your password on May 21 or later, we do not need you to take any additional action at this time.
Changing your password may be inconvenient. I realize that. We are doing everything we can to protect your data and changing your password is an extra precautionary step, in addition to the other security measures we have in place.
If you have only visited eBay as a guest user, we do not have a password on file.
If you used the same eBay password on any other site, I encourage you to change your password on those sites too. And if you are a PayPal user, we have no evidence that this attack affected your PayPal account or any PayPal financial information, which is encrypted and stored on a separate secure network.
Here are other steps we are taking:
As always, we have strong protections in place for both buyers and sellers in the event of any unauthorized activity on your account.
We are applying additional security to protect our customers.
We are working with law enforcement and leading security experts to aggressively investigate the matter.
Here's what we know: This attack occurred between late February and early March and resulted in unauthorized access to a database of eBay users that includes customers' name, encrypted password, email address, physical address, phone number and date of birth.
However, the file did not contain financial information. And, after conducting extensive testing and analysis of our systems, we have no evidence that any customer financial or credit card information was involved. We also have no indication of a significant spike in fraudulent activity on our site.
We apologize for any inconvenience or concern that this situation may cause you. As a global marketplace, nothing is more important to eBay than the security and trust of our customers. We know our customers have high expectations of us, and we are committed to ensuring a safe and secure online experience for you on any connected device.
Devin Wenig
President, eBay Marketplaces