http://www.bbc.co.uk/news/technology-27503290
Good of them to rush and tell us since it happened back in Feb/March.
Good of them to rush and tell us since it happened back in Feb/March.
ebay hacked - change your password
- Thread starter Mr_P
- Start date
Help Support UKworkshop.co.uk:
Yep, came here to post this, but I got delayed canting my password first. Interestingly:
Although the passwords are 'encrypted' [0], the mechanism by which this is done is generally known. It's then just a matter of time (and inclination) to get a computer to try to crack the passwords - hence why one should change the password _now_. In principle, I would expect that a dedicated intent would have cracked a number of them by now - and the general modus operandi would be the use the password to change the existing password on eBay, then start 'selling' fraudulently, or 'buying' with rubber cheques….
The fact that they also got physical addresses, date of birth, and email addresses also opens some (limited) opportunity to try to crack other online accounts. They don't say, but I strongly suspect that the 'secret question' data would also have been leaked.
Any other site that you use the same userid for, particularly if you use the same password too [1], I'd recommend changing passwords and 'secret question' there too, and keeping an eye on such places.
Spending _any_ amount of time doing computer security does tend to give one a creeping sense of paranoia… You'd be surprised how easy it can be to break into computer systems...
[0] I'm hoping that it's actually a one-way hash, rather than a reversible encryption.
[1] Bad! Bad internet user! No biscuit! For _exactly_ this reason.
Although the passwords are 'encrypted' [0], the mechanism by which this is done is generally known. It's then just a matter of time (and inclination) to get a computer to try to crack the passwords - hence why one should change the password _now_. In principle, I would expect that a dedicated intent would have cracked a number of them by now - and the general modus operandi would be the use the password to change the existing password on eBay, then start 'selling' fraudulently, or 'buying' with rubber cheques….
The fact that they also got physical addresses, date of birth, and email addresses also opens some (limited) opportunity to try to crack other online accounts. They don't say, but I strongly suspect that the 'secret question' data would also have been leaked.
Any other site that you use the same userid for, particularly if you use the same password too [1], I'd recommend changing passwords and 'secret question' there too, and keeping an eye on such places.
Spending _any_ amount of time doing computer security does tend to give one a creeping sense of paranoia… You'd be surprised how easy it can be to break into computer systems...
[0] I'm hoping that it's actually a one-way hash, rather than a reversible encryption.
[1] Bad! Bad internet user! No biscuit! For _exactly_ this reason.
gregmcateer
Established Member
Thanks for the heads up
Rhossydd
Established Member
Did you manage to read as far as the bit that says;Mr_P":1ef5cul9 said:
"attackers accessed the information after obtaining "a small number of employee log-in credentials", allowing them to access its systems - something it only became aware of a fortnight ago." and then "Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today"
My brother-in-laws, step daughter who is just 12 years old, hacked his computer and advised him of all his passwords in a matter of minutes. :shock:
So what chance do we stand, for me a non savvy computer user, my chances are zero. #-o
Which means I don’t use these type of sites.
Take care.
Chris R.
So what chance do we stand, for me a non savvy computer user, my chances are zero. #-o
Which means I don’t use these type of sites.
Take care.
Chris R.
Alexam
Bandsaw Boxmaker
If you only pay using Paypal, I understand that you are perfectly safe. I have changed my password anyway.
RogerS
Established Member
ChrisR":2isuk444 said:
Buy a Mac ? :-"
RogerS
Established Member
Rhossydd":1im3psze said:
Yup, those lazy PC owners who can't be bothered to keep their anti-virus stuff up--to-date.
Alex H
Established Member
ChrisR said:My brother-in-laws, step daughter who is just 12 years old, hacked his computer and advised him of all his passwords in a matter of minutes. :shock:
/quote]
So, if you have a list of your passwords, don't call it "passwords' and don't keep it on your computer
RogerS
Established Member
Rhossydd":2362o9jv said:
Don't be such a patronising prat. I have probably forgotten more about IT security than you have had hot dinners.
My original post was said somewhat tongue in cheek but you just HAD to start making snide comments (and continue to do so).
I have a job for that involves sex and travel.
MMUK
Established Member
RogerS":nbdhc6j1 said:
You work for Ann Summers? :wink:
RogerS
Established Member
Rhossydd":3gjfzi3t said:
Still being a prat, I see.
RogerS
Established Member
MMUK":1clnx796 said:
:lol: :lol: Yup, product tester extraordinaire. The fringe benefits are great and I aim to give customer satisfaction :wink:
Similar threads
