Author Topic: Ebay got hacked: change password  (Read 1938 times)

0 Members and 1 Guest are viewing this topic.

Offline Johnnie F.

Ebay got hacked: change password
« on: May 22, 2014, 07:00:50 AM »
Not even Ebay is safe. News are that hackers obtained access to its database and made off with passwords, email adressses, phone numbers, birth dates etc. They say payment info like credit card numbers were still safe.
Fun is the one thing that money can't buy
 

Offline thaiga

Re: Ebay got hacked: change password
« Reply #1 on: May 22, 2014, 12:29:34 PM »

eBay makes users change their passwords after hack-21th may 2014


From the bbc.com

The US firm said a database had been hacked between late February and early March, and had contained encrypted passwords and other non-financial data.  The company added that it had no evidence of there being unauthorised activity on its members' accounts.

 However, it said that changing the passwords was "best practice and will help enhance security for eBay users".  The California-based company has 128 million active users and accounted for $212bn (£126bn) worth of commerce on its various marketplaces and other services in 2013.  It said it would be contacting users to alert them of the issue via email, its website, adverts and social media.

 A spokesman added that the firm's engineers were in the process of rolling out a feature that would oblige members to choose new passwords when they next logged in, which should be live in each of the countries eBay operated in by the end of the day.
Anyone who goes to a psychiatrist should have his head examined.
 

Offline Johnnie F.

Re: Ebay got hacked: change password
« Reply #2 on: May 22, 2014, 01:11:34 PM »
Now I wonder what those hackers will do with my login data: order and pay stuff that gets sent to me? Till now I had to order and pay everything myself.
Fun is the one thing that money can't buy
 

Offline thaiga

Re: Ebay got hacked: change password
« Reply #3 on: May 22, 2014, 01:18:16 PM »
doesn't it own paypal - you might get some contributions ;)
Anyone who goes to a psychiatrist should have his head examined.
 

Offline thaiga

Re: eBay hack: how you can stay safe online
« Reply #4 on: May 26, 2014, 12:05:43 AM »
Hackers have stolen the personal details of 145m customers from eBay, including names, email and postal addresses, phone numbers and dates of birth.

 How worried should you be, what can they do with this data and what steps can you take to limit the damage?

Hackers have stolen the personal details of 145m customers from eBay, including names, email and postal addresses, phone numbers and dates of birth. How worried should you be, what can they do with this data and what steps can you take to limit the damage?

Encrypted passwords were also snatched, so the company is taking the precaution of telling users to choose new ones, even though it’s unlikely they can be deciphered on a wide scale. No financial data has been lost, eBay claims, so any credit card information stored with PayPal is also safe.

The main threat is that the data will be used to commit identity theft and as a handy database for spammers. With those personal details hackers will be able to craft convincing messages which appear to come from eBay, your bank or any other reputable organisation - many people will be fooled into handing over yet more data that exposes them further.

Imagine a nefarious character who spots someone complaining on Facebook about being unable to log-in to online banking. They look up their name in the list of stolen eBay records and find a match; they now have an address, date of birth and phone number which can lend a sense of authenticity to a faked email from the bank requesting account numbers and sort codes in order to resolve the problem. Once this is handed over, the hacker is one step closer to stealing the victim’s money.

Or, in a less targeted attack, they could send 145m people an email purporting to be from a certain bank and requesting that they follow a link and reset their password - the link will point to a fake version of the bank’s website which is there to harvest data. This scattergun approach needs only a tiny percentage of people to comply in order to prove hugely lucrative.

This spam email could also be used to get people to click on links or download files which infect their computers with malware. This could be used for a range of reasons: to send yet more spam email, to mine Bitcoins or even to spy on people through their webcam.

Of course, not everyone will fall for these tricks, but they don’t need to - with 145m records there will be enough who do. Someone will be making a fortune with this data. The stolen details will likely be treated like a commodity, sold and resold on underground websites and used to con money out of vulnerable people by various groups for years to come.

We’ve already seen criminals trying to con each other; several different samples of data purporting to be from the eBay leak have been published online, acting as proof of possession in a form of underground advert which demands money for the full file. We’ve been told by security researchers that this data is old information from previous hacks, crafted to look new. One of these adverts requests payment in Bitcoin - we have investigated and verified that nobody has yet fallen for the trick.

In truth, there is little that can be done about this loss of personal details - the cat cannot be put back in the bag. It is worth checking your credit rating with services like Experian, as an unexpected change in credit rating could be a warning sign that you've become a victim of identity theft.

Changing your eBay password is a vital step which should be taken quickly. You should also change any other website passwords where you've used the same phrase, as hackers will often try the same email and password at other sites knowing that many struggle to remember multiple passwords.

But what should your new password be? The more simple it is, the easier it is to crack.

Often an attacker will use a “brute force” approach, which uses a computer to rapidly try every possible combination of characters until it finds the correct one. Obviously, the shorter a password is, the less time it will take to break. But a long password is both hard to type in and to remember, so a sensible balance must be struck.

Brute force attack software will often use dictionary files that contain regularly used combinations of letters or numbers, inputting them one-by-one until the correct one is found. Some are clever enough to also try common words typed both forwards and backwards, and abbreviations.

So it is advisable to be as random as possible and perhaps use intentionally misspelled or fictitious words. Certainly, choosing names, birth dates or places is not the best way to protect your account.

Microsoft recommends that passwords are at least eight characters long, while many websites will demand that it is made up of both numbers and letters, often both uppercase and lowercase. As much complexity as you can practically live with is advised. Some sites will allow the use of symbols such as %, &, * and #.

It is also advisable to change your passwords regularly, so that if any are exposed, the attacker will only have a limited opportunity to use your account.

One thing worth considering is using a password manager such as LastPass. These products will keep all of your passwords in one place, protected by a master password. They will automatically generate long, secure passwords for you, and prompt you to regularly change them.

If you change your eBay password and have not used the same password for other services, then you should be safe.

telegraph.co.uk
Anyone who goes to a psychiatrist should have his head examined.
 

 



Thailand
Statistics