Subscribe    RSS Feeds    Twitter            Contact Us   
728_header.jpg (23748 bytes)
 Home   EB Blog   AB Blog   Letters   Podcasts   Forums   EPIS   PR Service   Classifieds   EKG   Ratings 
Web Site     
  Rate Services
  Amazon Fee Calculator
  eBay Fee Calculator
  Etsy Fee Calculator
  Auction Calendar
  Collectors' Links
  eBay Promo History
  Bookshelf
  Fraud Resources
  Drop-Off Store Laws
  Payment Holds
  Ecommerce Resources
  Photo Tips
  Marketing Inserts
  Yellow Pages
  Advertising
buyersmarket2aaa2.JPG (7729 bytes)
Ina Steiner EcommerceBytes Blog
News and insight focusing on ecommerce.
by Ina Steiner, Editor of EcommerceBytes.com
Wed May 21 2014 08:21:48

eBay Hacked!

By: Ina Steiner
Sponsored Link
eBay sent out the following press release at 9:10 am on Wednesday morning:

eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.

Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.

UPDATE (10 am EST): PayPal spokesperson Jennifer Hakes told EcommerceBytes eBay will only be asking its user base later today to change passwords. "Extensive forensic research has shown no evidence of unauthorized access or compromise to personal or financial information for PayPal customers," she said.

"PayPal customer and financial data is encrypted and stored separately, and PayPal never shares financial information with merchants, including eBay. PayPal account holders should consider changing their passwords only if their credentials are the same as those they use for eBay."

UPDATE (3:50 pm EST): eBay published a FAQs page that includes this blurb:

The file did not contain financial information, and after conducting extensive testing and analysis of our systems, we have no evidence that any customer financial or credit card information was involved. Likewise, the file did not contain social security, taxpayer identification or national identification information.

UPDATE (8:14 am on 5/22/14): eBay sellers should consider the impact this will have on their auction listings since snipe bids may not be allowed to go through unless bidders have changed their passwords, see today's Newsflash story.



Comments (152) | Leave Comment | Permalink
Readers Comments

Perminate Link for eBay Hacked!   eBay Hacked!
This user has validated their user name. by: Basset
       
Wed May 21 08:34:52 2014
I wonder if this is like the Heartbleed bug where some tech security people  advised to wait to change passwords until after given the ''all-clear'' for the site?

The idea was that until the ''all-clear'' is given any new passwords could be compromised.

Any ideas on this?


Thanks for being on top of this Ina & David!
Perminate Link for eBay Hacked!   eBay Hacked!
This user has validated their user name. by: Ina
       
Wed May 21 09:09:10 2014
Thank you to PayPal's Jenn Hakes for providing me with advice for who this impacts - see the update to this post.  
Perminate Link for eBay Hacked!   eBay Hacked!
by: unknown This user has validated their user name.
       
Wed May 21 09:33:48 2014
ebay will send a press release to CNN about it but won't post it on their own 'Announcements' page? Ah, we're not chinese sellers with a minor delay in shipping so not worthy of mention anywhere...
Perminate Link for eBay Hacked!   eBay Hacked!
by: Glor This user has validated their user name.
       
Wed May 21 09:39:17 2014
So... should we go in and change the eB/PP Passwords now or wait for a notice?
Perminate Link for eBay Hacked!   eBay Hacked!
by: Mr. Me This user has validated their user name.
       
Wed May 21 09:41:16 2014
Time to dump ebay stock.
Donahoe should immediately resign in disgrace...
Perminate Link for eBay Hacked!   eBay Hacked!
by: meci This user has validated their user name.
       
Wed May 21 09:41:49 2014
eBay CS said the message was leaked earlier but will be making a statement later.  Why later ?   Supposed to only have affected eBay and not PayPal according the the rep.
Perminate Link for eBay Hacked!   eBay Hacked!
by: unknown This user has validated their user name.
       
Wed May 21 09:50:53 2014
Still not on the ebay Announcements page but my local morning news program just had an announcement about it saying ebay is asking users to change passwords. Except they're not or they will later or something. ::sigh::
Perminate Link for eBay Hacked!   eBay Hacked!
by: Will This user has validated their user name.
       
Wed May 21 10:01:12 2014
Wonder if it is even true? Surely, a good way to get people back to the site, "Well, since I'm already here, might as well shop around for a bit".

Perminate Link for eBay Hacked!   eBay Hacked!
by: wallflower This user has validated their user name.
       
Wed May 21 10:01:16 2014
Ebay's release said:

"Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts. "

So, wait for it.
Perminate Link for eBay Hacked!   eBay Hacked!
This user has validated their user name. by: Marie
       
Wed May 21 10:05:10 2014
Companies get hacked.  Look at what happened to Target over the last holiday season.  Some announce things quicker than others.  We all know Ebay is a bit slow, but Target was none to fast either.

For me, I'll just go change my password.  We are now aware of the potential problem thanks to Ina.  I for one won't wait for an email from Ebay requesting I change it.
Perminate Link for eBay Hacked!   eBay Hacked!
This user has validated their user name. by: Puck
       
Wed May 21 10:06:26 2014
Sorta late getting out the news:

''The breach was discovered about two weeks ago, according to eBay, leading to a probe that identified the hacked database.''

http://www.nbcnews.com/tech/security/ebay-warns-cus
tomers-change-passwords-after-database-hacked-n110961
Perminate Link for eBay Hacked!   eBay Hacked!
This user has validated their user name. by: Ric
       
Wed May 21 11:16:33 2014
From what I read in the news reports, this hack occurred TWO MONTHS AGO yet they are just announcing it today!!

Nice to know that eBay has invested in top notch network security that provides them with such timely warnings regarding data breeches.

The bottom line penny pinching of eBay's MBA's strikes again!!
Perminate Link for eBay Hacked!   eBay Hacked!
by: PowerSeller2007 This user has validated their user name.
       
Wed May 21 11:43:30 2014
Donahue RESIGN NOW!
Perminate Link for eBay Hacked!   eBay Hacked!
This user has validated their user name. by: Basset
       
Wed May 21 11:50:16 2014
To be fair, I think that is how these hacks seem to get broken to the public. By design? It sure seems to follow a pattern.

With both Heartbleed and Target quite a bit of time lapsed between discovery and breaking the news to the public. Months. Many months in Heartbleed.


A carefully placed tweet here & a post there - THEN we have come to rely on the news sources that have competent  people at the helm (like Steiners) to take the lead: verify, find the facts, solidify the story, and relay the info to the rest of us.
Perminate Link for eBay Hacked!   eBay Hacked!
by: Eric Saeger This user has validated their user name.
       
Wed May 21 12:03:45 2014
Where's Ming?  I've got my jar of peanuts ready.
Perminate Link for eBay Hacked!   eBay Hacked!
by: Mr. Me This user has validated their user name.
       
Wed May 21 12:25:36 2014
Hack ? oh-no no no, its a "disruptive innovation".....!
Perminate Link for eBay Hacked!   eBay Hacked!
This user has validated their user name. by: Rexford
       
Wed May 21 12:49:24 2014
Thank God for Ina and David.  I always get my news here first.
Perminate Link for eBay Hacked!   eBay Hacked!
This user has validated their user name. by: Ric
       
Wed May 21 12:52:19 2014
Another thought about this data breech...

eBay requires sellers to provide Social Security numbers if their volume is high enough.

eBay needs to inform sellers as to whether SS numbers were part of what the hackers got.
Perminate Link for eBay Hacked!   eBay Hacked!
by: Donna This user has validated their user name.
       
Wed May 21 13:13:43 2014
Here's an update on what information was involved:

http://www.ebayinc.com/in_the_news/story/faq-ebay-pas
sword-change
Perminate Link for eBay Hacked!   eBay Hacked!
by: Kaz This user has validated their user name.
       
Wed May 21 13:17:22 2014
So how will this translate into the "Buyer Experience" that Donahoe and Co are trying to promote?
In one fell swoop more damage has been done to the site through ebay's mismanagement than all those "failing" Top-Rated Sellers put together, talk about DEFECTS.
How many buyers will react by simply pulling the plug on ebay and go elsewhere?
As ever Wall Street will be the key, how will the ebay INC.share value react?
And THANK YOU to ecommercebytes for the news, ebay's own information is scant to say the least.
Click to view more comments
1 2 3 4 5 6 7 8  [Next Page]


Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.
 EB Blog Recent Posts 
 AB Blog Recent Posts 
 EB Blog Recent Comments 


Subscribe in a reader



Archives

 
About Us      Privacy Policy & Terms      Link to Us      Partners      Our Writers      Write for Us      Press        Site Index

Copyright 1999-. Steiner Associates LLC. All rights reserved.
 




Powered by Perl Web Blog
© 2005/2014 Ranson's Scripts