Shit. I actually have an ebay account. Oh, well.
I saw that this morning and changed my eBay password.
I have an eBay account but haven’t accessed it in a few years. Screw it. And them. I don’t see why I should attempt to log-in, probably having to reset my password, in order to change my password.
Hey, I don’t remember bidding $55 million on a Hummel figurine!
This is my chance to buy that Marilyn Monroe/Venus de Milo mash-up lamp I’ve been wanting for the living room and tell my wife it must have been eBay hackers.
And then why, she’ll ask, did they ship the damn thing to us?
They were hoping to steal it off the porch before we brought it in.
Heh heh heh…
And the good news is, since you didn’t order it, you don’t have to pay for it. Win!
Really? That’s the lamp you want? Not this one?
I logged in and changed my password, then was told that the credit card associated with my account had expired. Win!
Saw it, and changed my password.
As I was looking at the password requirements, I was thinking that it doesn’t need to be some agglomeration of letters and numbers - it doesn’t matter what my password is, some hacker is just going to break into their system and get it anyway! Might as well just use “123456”*
*No, that’s not my password for anything.
Thanks for the heads up JohnT.
Great, I’m glad someone started this thread. Did anyone get any notification from eBay? I haven’t. My eBay password was too insecure anyway.
Actually, does eBay store credit card information? I thought only PayPal does that. They said the breach occurred in Feb-Mar, and they only just found out! I’d think the damage has been done.
I wonder if there’s a problem with PayPal. But I don’t remember my passwords for either one.
According to an SEC filing filed yesterday, they were to begin notifying users by email “later today” (so it should have started by now). I haven’t gotten a notification yet.
In this article, it’s mentioned that they’re investigating the breach.
Emphasis mine.
sigh
I have the same thing on my matched luggage!
Ok phishers are capitalising by sending out password reset emails with phishing links. That’s actually quite smart. https://www.facebook.com/eBay/posts/10152893732898136
“Don’t be fooled: The authentic eBay password reset email will not have any embedded links. If you get an unsolicited email that appears to be from eBay that does contain links, DO NOT CLICK but instead DELETE, as it could be a phishing attempt. You can reset now at eBay.com.”
Also, eBay’s password reset method is… unorthodox. There’s no password reset page. You have to give them your user ID or email, and they’ll send you a reset link. It’s like they only have a forgotten password reset.
I think that’s because the passwords (or their hashes) are already out there somewhere. Someone who already has your password would be able to retain control of your account if the reset page started with the existing password.