• Take 30 seconds to register your free account to access deals, post topics, and view exclusive content!

    Register Today

    Join the largest Oakley Forum on the web!

Change Your EBay Passwords!!

So if it is hacked. Then you change passwords. Are not they going to have access to the changed password?

No they most likely won't. Since eBay is coming out and saying change them, it means they most likely patched whatever security flaw gave these guys access. But they aren't sure what information they may have(though they said they don't have Credit Cards, PayPal etc.), so its best to just change your password.
 
So if it is hacked. Then you change passwords. Are not they going to have access to the changed password?
No. What happened is an employee login was compromised granting the attackers access to unencrypted usernames, emails, billing addresses, etc, and encrypted passwords. If you change your password the people who stole this data will not have access to the new password.

Here's the problem. eBay doesn't use hashed passwords, only encrypted passwords. To put it simply an encrypted password is only secure if the hacker doesn't have access to the encryption key, and from the sound of it they may have gotten that access. With a hashed password the server only sends back a "yes or no" when you try to enter the password. With a simple encrypted password, the server actually checks the password entered with a plain text version of the actual password, thus giving away the real password if someone has access to the encryption key.

What does that mean? If you use the same email and username and password on more than eBay then all those sites are potentially compromised as well and need changed ASAP.

Pretty major security breach and something eBay should have been better prepared for.
 
Last edited by a moderator:

Latest Posts

Back
Top