eBay has reached out to third-party developers after learning about a security breach in which criminals accessed eBay’s user database. eBay revealed the hacking incident to the public on Wednesday, May 21st.
With eBay requesting that users change their passwords after the incident, customers may be wondering how it affects their use of third-party buying and selling tools. The good news – eBay users do not have to take any extra steps after they change their eBay passwords.
eBay put a system in place in 2004 so users do not have to provide third-party listing tools with their eBay passwords. Instead, users go through an authorization and authentication process in which they authorize eBay to grant the vendor to access their account; eBay gives the vendor a token that it or the user can revoke at any time.
eBay spokesperson Ryan Moore told EcommerceBytes, “Developers and affiliates do not need to reset their authentication tokens as a result of the password change.”
Amine Khechfe cofounder and General Manager of Endicia said eBay was keeping vendors apprised and reached out to Endicia proactively. “Due to the security breach, in additions to password resets, eBay is also expiring authorization tokens created after late Feb 2014,” he told EcommerceBytes. “Endicia’s eBay integration uses these tokens to make API calls on our customers’ behalf. Our solution was designed to take care of reauthorizing and generating new tokens gracefully. So Endicia’s customers should be all set and not to worry from our end at this point.”
Kristen Rice, founder of Seller Sourcebook, said her company’s service was not impacted at all and said it was extremely unlikely that any third party service was. Seller Sourcebook is a certified eBay Compatible Application, and as with Endicia’s customers, her users do not have to update their authorization tokens either.
Interestingly, Rice said on Saturday she had noticed no changes in buyer or seller behavior since eBay announced the hacking attack on Wednesday, and she said eBay was keeping developers up to date about what they need to know.
There is one area where users may be impacted after changing their eBay passwords: sniping software. Such programs require buyers to provide them with their eBay passwords, since eBay doesn’t allow sniping services into its developer program.