Want to see less ads, post content and the ability to buy & sell Oakleys?
Register Today or Login
Discussion in 'Off Topic' started by cdelly, 5/21/14.
thanks for the heads up!
Good heads up.
So if it is hacked. Then you change passwords. Are not they going to have access to the changed password?
No they most likely won't. Since eBay is coming out and saying change them, it means they most likely patched whatever security flaw gave these guys access. But they aren't sure what information they may have(though they said they don't have Credit Cards, PayPal etc.), so its best to just change your password.
No. What happened is an employee login was compromised granting the attackers access to unencrypted usernames, emails, billing addresses, etc, and encrypted passwords. If you change your password the people who stole this data will not have access to the new password.
Here's the problem. eBay doesn't use hashed passwords, only encrypted passwords. To put it simply an encrypted password is only secure if the hacker doesn't have access to the encryption key, and from the sound of it they may have gotten that access. With a hashed password the server only sends back a "yes or no" when you try to enter the password. With a simple encrypted password, the server actually checks the password entered with a plain text version of the actual password, thus giving away the real password if someone has access to the encryption key.
What does that mean? If you use the same email and username and password on more than eBay then all those sites are potentially compromised as well and need changed ASAP.
Pretty major security breach and something eBay should have been better prepared for.
Double post sorry.
It is ok, I forgive you. Just do not do it again jk
Separate names with a comma.