eBay notice hack legit?

DEvok on 27/05/2014 - 17:24

Just recieved a email from ebay to change my password that ebay has been hacked and all users ate in threat? What you guys think? Is it legit?

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

To help ensure customers' trust and security on eBay, I am asking all eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on our corporate information network. This attack compromised a database containing eBay user passwords.

What's important for you to know: We have no evidence that your financial information was accessed or compromised. And your password was encrypted.

What I ask of you:
Go to eBay and change your password. If you changed your password on May 21 or later, we do not need you to take any additional action at this time.

Changing your password may be inconvenient. I realize that. We are doing everything we can to protect your data and changing your password is an extra precautionary step, in addition to the other security measures we have in place.

If you have only visited eBay as a guest user, we do not have a password on file.

If you used the same eBay password on any other site, I encourage you to change your password on those sites too. And if you are a PayPal user, we have no evidence that this attack affected your PayPal account or any PayPal financial information, which is encrypted and stored on a separate secure network.

Here are other steps we are taking:
As always, we have strong protections in place for both buyers and sellers in the event of any unauthorized activity on your account.
We are applying additional security to protect our customers.
We are working with law enforcement and leading security experts to aggressively investigate the matter.

Here's what we know: This attack occurred between late February and early March and resulted in unauthorized access to a database of eBay users that includes customers' name, encrypted password, email address, physical address, phone number and date of birth.

However, the file did not contain financial information. And, after conducting extensive testing and analysis of our systems, we have no evidence that any customer financial or credit card information was involved. We also have no indication of a significant spike in fraudulent activity on our site.

We apologize for any inconvenience or concern that this situation may cause you. As a global marketplace, nothing is more important to eBay than the security and trust of our customers. We know our customers have high expectations of us, and we are committed to ensuring a safe and secure online experience for you on any connected device.

Devin Wenig
President, eBay Marketplaces

Internet

Related Stores

eBay US
eBay US
Marketplace

closed Comments

  • retiredfeline on 27/05/2014 - 17:25
    +10

    Where have you been?

    • CI on 27/05/2014 - 19:40
      +2

      not on earth

  • fatal on 27/05/2014 - 17:31
    +4

    In other words, yes it is legit.

    It's all over the eBay website as well.

  • DEvok on 27/05/2014 - 17:32
    +2

    I haven't used ebay for years, just reveived the ema, and thought of a potential hacker that emailed me.

  • DEvok on 27/05/2014 - 17:36

    And I don't watch tv, I know it's probably odd, but as we always get emails to change passwords from hackers, just didnt know. Well guess I shouldn't worry, besides using PayPal!

    • retiredfeline on 27/05/2014 - 17:51
      +2

      It's even in the OzBargain forums.

      • altomic on 27/05/2014 - 18:10
        +5

        I even heard greenpossum talking about it.

        • CheapCoffee on 27/05/2014 - 18:14
          +4

          I just heard altomic talking about it

  • TheAccountant on 27/05/2014 - 19:21
    +1

    Be careful. EBay messages always have your full name and don't generically address you as "eBay Member". The email must contain your real name or it might be a phishing email.

    • ukmark on 27/05/2014 - 20:25
      +3

      To be fair though, the hackers know your full name now too.

  • timmypete on 27/05/2014 - 19:36
    +1

    As mentioned already its been in the news and on the OzB forums already and its exceptionally poor form on eBay's behalf that this message took so long.

    On this topic though, you can usually spot a genuine email from eBay/Paypal/your bank/other legitimate institution by the conspicuous absence of a link to click on:

    What I ask of you:
    Go to eBay and change your password. If you changed your password on May 21 or later, we do not need you to take any additional action at this time.

    All have an interest in educating their customers about the dangers of clicking unsolicited links, even when it makes the instructions a tad harder in circumstances like these.

  • Moderatorscotty on 27/05/2014 - 20:29

    Yes the eBay hack incident has been posted in the forum a few times now. Please use the existing thread for discussion. Thread closed.

Login or Join to leave a comment
Login Join