1. Want to see less ads, private areas and be able to post? Register Today to receive all these benefits and more!
Dismiss Notice

Want to see less ads, post content and the ability to buy & sell Oakleys?

Register Today or Login

  1. cdelly

    cdelly Oakley Beginner

    Messages:
    158
    Trophy Points:
    93
    Shade Station Oakley Sunglasses

    Register to Not see this ad
  2. ShadowBend

    ShadowBend Oakley Beginner

    Messages:
    41
    Trophy Points:
    58
    thanks for the heads up!
     
  3. Oakle y

    Oakle y Something Something Darkside Premium Member Lifetime Member

    Messages:
    1,135
    Trophy Points:
    393
    Good heads up.
     
  4. washi me sensie

    washi me sensie The Oakley R┼Źnin

    Messages:
    9,215
    Trophy Points:
    1,973
    thanks bro!!
     
  5. i am rich

    i am rich The Silly Collector!

    Messages:
    3,184
    Trophy Points:
    673
    So if it is hacked. Then you change passwords. Are not they going to have access to the changed password?
     
  6. OakleyBoss

    OakleyBoss Moderator Staff Member Administrator

    Messages:
    2,683
    Trophy Points:
    703
    No they most likely won't. Since eBay is coming out and saying change them, it means they most likely patched whatever security flaw gave these guys access. But they aren't sure what information they may have(though they said they don't have Credit Cards, PayPal etc.), so its best to just change your password.
     
    i am rich likes this.
  7. No. What happened is an employee login was compromised granting the attackers access to unencrypted usernames, emails, billing addresses, etc, and encrypted passwords. If you change your password the people who stole this data will not have access to the new password.

    Here's the problem. eBay doesn't use hashed passwords, only encrypted passwords. To put it simply an encrypted password is only secure if the hacker doesn't have access to the encryption key, and from the sound of it they may have gotten that access. With a hashed password the server only sends back a "yes or no" when you try to enter the password. With a simple encrypted password, the server actually checks the password entered with a plain text version of the actual password, thus giving away the real password if someone has access to the encryption key.

    What does that mean? If you use the same email and username and password on more than eBay then all those sites are potentially compromised as well and need changed ASAP.

    Pretty major security breach and something eBay should have been better prepared for.
     
    Last edited by a moderator: 5/22/14
  8. Double post sorry.
     
  9. i am rich

    i am rich The Silly Collector!

    Messages:
    3,184
    Trophy Points:
    673
    It is ok, I forgive you. Just do not do it again :p jk