Who Takes the Fall for eBay's Massive Data Breach?

by: Puck

They'll blame the breach on small sellers.

by: NetWatch
Web Site

Donahoe should be asked to resign IMMEDIATELY. From an article earlier today by Samuel Gibbs on The Guardian:
"Security experts have criticised the company for not encrypting all private customer information it held, which includes customer names, email addresses, physical addresses, phone numbers and dates of birth.
Security levels
“We use different levels of security based on different types of information we’re storing, and all financial information across all of eBay’s businesses is encrypted,” the company spokesman said.
“It is inexcusable for a company the size of eBay with the amount of data it holds to not encrypt all personal information held,” said Ferguson.
'Serious from an identity theft perspective'
Despite eBay seemingly not putting importance on personal information like postal addresses and dates of birth, the repercussions of this data theft could be felt for a long time after the break-in.
“I am concerned that not only have they lost my email, username and password, but according to their website the loss includes home address, phone number and date of birth. This is serious from an identity theft perspective,” said Hugh Boyes from the Institution of Engineering and Technology".

by: iheartjacksparrow

You're not kidding, Puck!

eBay will most likely not have to worry about purging thousands of sellers in August as this could possibly be the "straw that broke the camel's back," with many sellers leaving of their own accord. With all the abuse heaped upon sellers, and now facing the possibility of identity and/or monetary theft, perhaps many sellers will finally say, "enough is enough."  

by: Ric

Good thing JD brought that $ 9 Billion back to the US.

eBay can use it to pay off the golden parachutes due to him and the rest of his team which is likely to be purged.

by: Bubbles
Web Site

JD should take the fall. After all he is supposed to be in charge. With all the techies they have this should have been done years ago.

by: hzATL

Wouldn't be much of a surprise to learn Donahoe & his loyal lackies orchestrated this. Great way to rid eBay of millions more small sellers like me ($50,000.00 or less in sales per year) that list quality merchandise with no returns in favor of foreign sellers who list crap merchandise with negative net sales due to returns.  

by: frustrated

@bubbles

WHAT techies?  The 19 year olds they hire in at 9 bucks an hour?

Check glassdoor.com for reviews from the poor souls who (thankfully) used to work there.

They just use it as a resume filler because there are still people out there who believe that companies as large as ebay only hire the best.

I cannot imagine the turnover the must have. Lucky for most of them, they are young enough to overcome their HORRIBLE experience there with little damage done.

They couldn't PAY me (personally) enough to sit and answer phones there, especially this week. And if they paid me 100 grand I could quit in one year with a paid off house, and never work again.

The IT people they have there sit and dream up stuff to do that has nothing to do with the real issues that plague the site, and most of the ''improvements'' they come up with wreck 2 or 3 other things that worked yesterday. That is the behavior of a VERY young person trying to show off for their boss. NOT a seasoned IT professional who actually KNOWS what they coded will work. Ebay doesn't PAY enough to grab those people. If they did, sellers wouldn't complain on a daily basis about idiotic glitches (like todays glitch with uploading pics, or the one where they tell you to add  '', . ,'' to the title...)

and oh BOY I could list 100 more things, that came from bad coding and lack of testing functionality.

In case anyone hasn't noticed, about 99% of the people who work there (ask them, they will tell you) NEVER use the site, as either a buyer or a seller. So why should they care about the breach??

Unless the DOJ decides they are 100% liable for all financial losses due to the breach, they never WILL CARE, either.

Maybe the people who work there know something we DON'T. Like the fact that a breach could happen any time?

It's WELL KNOWN that pay-pal has been hacked, and info sold off to the highest bidders, a couple times in the past. Only sellers with a HUGE financial investment, employees, building rent, and a house payment are willing to risk it.  CERTAINLY not a person who works there, who knows how sloppily everything is handled there....

by: frustrated

PS

Can we dare to hope this will be their EXCUSE for selling out to Google?

And can we dare to HOPE that if they do fire JD, we get someone BETTER this time, instead of the Meg/JD trade??

Let's vote for PIERRE, who started it, to take it back where it should be, so everyone can make money and find rare and wonderful items once again.

Sorry, it must be time for more medication.

by: frustrated

Sorry can't help it, one more thing:

2278 signatures and counting, PETITION TO ASK FOR JD'S RESIGNATION

http://www.petitiononline.com/petitions/jdonohoe/si
gnatures?page=7

by: gramophone-georg

ALL of them should go. Clean sweep of any and all signs of Bain. eBay needs to get back to basics.

by: JLS

I agree:  They should ALL be fired for this!  I personally have seen a 600% INCREASE in phishing emails with 5 new ones just today, telling me that my Paypal account is going to be shut down ASAP if I don't log into their (of course, phony) website.  Of course, I also called Paypal who told me that there was no problem with my account and asked me to forward the 5 emails to their ''spoof @paypal.com'' but the phishing emails were so horrific that my own ISP provider would not allow any of the 5 to even be forwarded!

by: comet

@JLS---

The reason that your "spoof" emails can't get sent is NOT because of how "horrific" they were it has everything to do with your ISP not ALLOWING something with the title SPOOF in it to go thru.  

You might need to call Paypal and ask for a DIFFERENT email at their site to receive these.  This is a fairly well known if very annoying problem when trying to send these.  Sometimes you can't send these to ebay's spoof addy either.  

by: comet

@JLS--I forgot to mention--you might need to get PP to allow you to change the title on these before you send them---so that SPOOF word doesn't appear.

Maybe some one here knows more than I about this and can help further????

by: cfrphoto
Web Site

Ultimately, sellers will take the fall. There is every reason to believe that the number of buyers will drop sharply while the eBay site remains in an unsettled state. I heard reports today of delayed or misdirected emails related to changing passwords. For a while at least, buyers will lose confidence in the site and buy less.

As far as security is concerned, either the break in was an "inside" job or eBay does not have the necessary security and compartmenting in place. It should not be possible to log into a web or database server from outside the eBay employee network. Access to the employee network from outside should require at least two forms of authentication. With proper isolation, breaking into a web server or performing a SQL injection attack should not result in being able to reach personally identifiable information (PII). It will be necessary for eBay to provide a better explanation and stop cutting corners with network security or employee security.

by: comet

I had to call PP today after--spoiler alert--I had a PROBLEM on ebay. I need to issue a refund and CANNOT do a Full or Partial OR use the Resolution Centers Communicate link to ya know communicate with the buyer I need to refund.  So I went to PP and couldn't do anything THERE either.  

Gee is it ME or are many parts of ebay even MORE messed up today than usual???

So I called.

Guess I never knew that if a "case" is filed you CAN'T issue a refund via Paypal!  I don't often have this happen so---

But!  While I was waiting the few SECONDS it took me to get IN to PP CSR I got a recorded announcement on the Ebay hack.  AND the CSR had to go into a rather elaborate "read" of the SAME info.  I am very sure I don't believe a word that the nice Nebraska girl had to SAY about it but it was at least PRO ACTIVE.  

I think everyone top down at ebay perhaps to the level of the janitors NEEDS to GO right away.  

This is criminal.

Imagine--you sell higher end items and store them at either your home or place of business.  Some one pays the hackers for YOUR info and some guy with a mask and a gun shows up at your house and demands the goods.  

I know--farfetched, right?

Well sadly not really.  We had a guy killed around here for the PIN number of his ATM.  People will do crazy things for easy money.  

I doubt anyone will be turning up here in Cow Town for the vintage and new clothing and odds n ends I sell but some of you---I would be double checking the locks and alarms and changing those codes!!!!

Still NO email from ebay on my accounts at 12:31 AM EDT.  On the very bottom of the SELLING page I saw a notice of how they are maybe perhaps some day going to politely ask us to collectively change several million passwords all at once.  And friends have been reporting that they tried and cannot get a VALID new password.  

Sheesh

Who was it said::: The lure of easy money has a very strong appeal

by: Philip Cohen
Web Site

There’s no point in simply “forwarding” a spoof email to “PreyPal” as the underlying meta data from the original email will not be included, and I don’t doubt that any such emails so sent will go straight into the “PreyPal” waste basket without any human intervention. For such a spoof email to retain its underlying meta data, and so be of some possible use in tracking its source, it has to be sent as an “attachment”. Regardless, I suspect that “PreyPal”, like eBay, will do nothing about such spoofs until the tremors therefrom start collapsing their premises around their ears …

“Meta data”, you know, that stuff the NSA was collecting …

eBay Inc, where the incompetent mingle with the malevolent and the criminal ... http://bit.ly/11F2eas

by: Moonwishes

those of us that used to sell on ebay that have valid acccounts, I know I for one haven't had a single email from ebay. I guess if I haven't had an ebay transaction in a while they don't care if my info got hacked? But it sounds like they don't care about anyone, most likely since the boards, and JD himself, don't buy or sell on the site, so THEIR info is secure!

by: summer in the city

Ebay: about as secure as a Pez dispenser.

by: pfft!!

Moonwishes, it's not just those who haven't used their acct's lately.  I'm a PS and TRS who sells 24/7 and HAVE since about 2003, and I haven't received ANYTHING from ebay re: changing my password.  

by: FREDDY

Sounds like they didn't want to invest in security, High payroll for execs- yes.

What happened to the ceo of Target??

Of course JD will come out and somehow place the blame on the small ''noise'' sellers.