Support Overview

Help Desk

Online Service Request

Emergency IT Support

Security Alerts

Computer Usage Tips

eBay Asks All Users to Change Password After Hack Attack
05/21/2014

On May 21st eBay confirmed that its corporate information network was attacked and a database with users' encrypted passwords (and other non-financial data such as name, email address, physical address, phone number, and date of birth) was compromised.  eBay is urging its customers to change their passwords.  eBay said it has no evidence of unauthorized use of users' information on eBay.

PayPal (owned by eBay) stores information separate from eBay and eBay has no evidence that any PayPal data was compromised.

eBay began notifying users email, site communication, and other means to change their password.

Be very suspicious of fraudulent scam ("phishing") email messages with links to change your password.  The links could be a scam to steal your username and password.  Only go to the eBay site by typing in the address in your web browser (better yet, type it in a search using a browser with a web reputation plug-in such as WOT, McAfee SiteAdvisor, or AVG LinkScanner to prevent a typing mistake from sending you to a squatter site).

When you change your password, change it to something secure (complex).  Make it hard for someone else to guess, but easy for you to remember.  Don't use your username, your name, telephone number, street address, date of birth, any word in the dictionary, patterns such as "qwerty", "123456", "abc123", "111111", or "password1".  Make it eight characters or longer; longer is better.  Make it a mixture of character types, upper case letters, lower case letters, numbers, and special characters.  A good way to make a password more complex and secure but easy to remember, is to make a pass phrase and use a letter or symbol for each letter in the phrase.  For example the phrase "I like to go to the beach every Friday." becomes "[email protected]"

When resetting your password, be careful about answers to self-service password reset security questions like "What is your mother's maiden name?", “Where did you go to school?”, or “What is your favorite color?”.  These questions are easy to find the answers by mining social media sites or searching the Internet and hard for you to remember.  A hackers can find the answers to the site to reset your password to a password the hacker can then use.  (Sarah Palin's Yahoo! email password was reset by a hacker in the 2008 presidential election using publicly available information.)  Instead I suggest lying when answering the security questions.  But remember what Abraham Lincoln said, "No man has a good enough memory to be a successful liar."

If you used the same password at other sites, change the password at those sites as well.  Using the same password on multiple sites opens you to attack if your password at one of the sites is compromised as in this case.  Using a different password at each sites is a good practice.

If you have trouble remembering all the passwords, use a password manager such as LastPass, KeePass, RoboForm, or Password Safe.

The attack on eBay happened about three months ago but eBay did not detect the problem until two weeks ago.  A few employees' log-in credentials were hijacked and that provided access to the eBay corporate network.

eBay said that it believes that they have shut down unauthorized access to their site and have put additional measures in place to enhance security.

More Information

eBay Inc To Ask eBay Users To Change Passwords

eBay Blog - to ask users to change password

eBay FAQ on password change

Professional Services

If you need assistance with a security assessment, IT Professional Services can help. Please contact us.

Find out more about our Managed Care service.

To find out how vulnerable your network is schedule a free network security analysis today.

Privacy Policy

© 2009-2013 IT Professional Services All rights are reserved.  (805) 650-6030