Jump to content

Ebay hacked

sonik1965

By sonik1965
in Not Dance

 Share

Recommended Posts

Melody

Melody

Posted
Posted

Honestly, they keep on about having a strong password with so many numbers and symbols that you don't have a hope of ever remembering your own password, but it's getting like a sick joke when you're congratulated on having chosen a strong password. Because five minutes later, hackers can break into the company database and help themselves to encrypted passwords and break the encryption with great ease. So really, what does "strong password" mean any more?

Link to comment
Share on other sites
Melody

Melody

Posted
Posted (edited)

I'd changed my eBay password recently (as a result of a hack of another site I used the same password for), but still yesterday when I tried to sign into one of the eBay forums, I was made to change it again. So I used a combination of capital and lowercase letters, numbers, and symbols, and the site told me the password was only medium strength. I mean, the bloody nerve of these people. I had a password before that was considered strong, and it made no difference because these days hackers can undo encryptions. Strikes me that the weakness is in eBay (or even in the whole password system), not the members.

 

Sooner or later all these sites, especially the ones where you have to give credit card information, will have to do something to replace the current system of passwords, because it obviously isn't secure now that encryptions can be hacked.

Edited by Melody
  • Like 2
Link to comment
Share on other sites
sonik1965

sonik1965

Posted
  • Author
Posted

BEWARE!!!

 

As I mentioned the other day, I've already changed my password.

 

Odd, then, that today I have received an email (purporting to be from Ebay) asking me to change my password urgently by "following this link..."

 

Oh yeah?

its just ebay being late with informing ppl about the hack

Link to comment
Share on other sites
Lisa O`Brien

Lisa O`Brien

Posted
Posted

I got an email form them telling me to change my password which I did. I then a few days later got another one telling me to change my password.Thought it was a bit iffy,but then read if you have recently changed your password,ignore this message.

Link to comment
Share on other sites
Melody

Melody

Posted
Posted (edited)

That would be fine unless you use the eBay message boards, which require a password change if you want to carry on using them. The annoying thing is that the leak was plugged some weeks before that, and I happened to have changed my eBay password just a couple of days before all these "change your password" demands came out, but they still made me change it again. Since they keep a record of when passwords are changed, they could have done things so that people who'd changed passwords within the last couple of weeks wouldn't have to do it again. But eBay doesn't seem to have grasped the concept of making life easier for its members when it can make it more difficult.

Edited by Melody
Link to comment
Share on other sites
trog

trog

Posted
Posted

Beware if you access your ebay account from more than one computer. Here is what happened to me.Thursday of last week, I tried to login from home and I was presented with a message to phone customer support and quote a security code. Did this no problems. Next day, I came into work and was presented with the same screen. After 1/2 hour on the phone, they reckoned they couldn't grant me access to my account, as they couldn't prove who I was. I would have to phone in again later from home and they would sort it. I phoned in and they granted me access. In all three cases, they said I could get in using my secret question. Well you could if the system gave you the chance to do this. On Friday, their customer services bod said they were tracking machine id's from where you access your account. Can you see the problem here? If you access your account from many machines, which I do, I'll have to phone them for each and every machine, that I use. Friday, they said they had "cleared the flag" and I could access my account again. Yes, I could over the weekend, but yesterday morning at work, I again got the screen to phone them and quote the security code. When I phoned in, the system said "Please stay on the line and your call will be answered shortly. Your estimated wait time is 138 minutes." I missed out on an item I was bidding on too.
 
We are encouraged to use strong passwords, with a mix of letters and numbers. How can you remember them, without writing them down.  You can't, but you can "write" them down securely. Here are a couple of ideas :

  • Install keepass on your system. It stores your passwords in an encrypted database. You only have to remember one password to access the rest. You don't even need to know what the password you are using for the website is, as keepass can fill the login boxes for you. Best of all, it's free and it works on Linux, MACs and Windoze. A similar option is lastpass which again works on all platforms and mobile devices too. I have used keepass at work for the last 5 years or so.
  • Print out and laminate a password card. Keep it in a secure place (your wallet is good) and use it to generate passwords. If you do use a password card, be sure to follow the precautions on their site! We encourage the students at the college where I work to have one and I have seen them in use.
  • Like 4
Link to comment
Share on other sites
Melody

Melody

Posted
Posted (edited)

The problem with something like keepass is that apparently hackers are breaking password encryptions now. I had a long password, mixture of all sorts of letters and numbers and symbols, at AOL, yet hackers got into my account along with several million others back in April because they got into the AOL password database and broke the encryptions. Then a few weeks later eBay sheepishly owned up that its database of encrypted passwords had also been compromised. So these days it seems as though it doesn't matter how complicated your password it - you're the only person who can't remember it, the hackers can get hold of it perfectly easily. So you might just as well just use your cat's name or your date of birth or the word "password" because to the hackers it's no less complicated than zj9Y&k#)*2Mz5$Q&3L^! and it's a lot more convenient for you.

 

Plus I assume that somewhere the hackers have a database, being shared and sold and bought among themselves, of information including passwords and security questions and answers, for everyone whose account at one of these large online sites has been hacked, which these days is practically everyone. Which means that you can never re-use a password, and it also means that security questions and answers are basically useless because they're the same few questions at most sites. If the hackers get my dog's name and my mother's maiden name from one site and stick it in their database, it's no longer a security question at other sites, it's just the illusion of security.

 

If this carries on, large online sites, especially ones that sell stuff and need credit card information, are going to have to replace the password system with something more secure. The security of "strong" passwords, that apparently can't be decrypted in 50,000 years of trying, is a thing of the past.

Edited by Melody
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...