e-bay hack (9)

May 21, 2014 9:54 AM CST e-bay hack
Phoenix
PhoenixPhoenixBelfast....., Antrim Ireland274 Threads 65 Polls 6,948 Posts
eBay's morning just went from bad to worse. The e-commerce site confirmed Wednesday that its corporate network was hacked and a database with users' passwords was compromised. While eBay says there is no evidence that users' financial information was accessed in the hack, the company is telling all users to change their passwords.

eBay contacted CNET after this story was initially published, saying it discovered "recently" that it was a victim of "a cyber attack on our corporate information network, which compromised a database containing eBay user passwords." The company's spokesperson told CNET there is "no evidence that any financial information was accessed or compromised."





From what I understand the server containing bank info hasn't been 'cracked'. But the server contains names, addresses, DOBs.. If you use the same pass word for other accounts, I might be a good idea to change them....
May 22, 2014 5:27 PM CST e-bay hack
dateadave
dateadavedateadavelimerick, Limerick Ireland7 Threads 3 Polls 95 Posts
Phoenix: eBay's morning just went from bad to worse. The e-commerce site confirmed Wednesday that its corporate network was hacked and a database with users' passwords was compromised. While eBay says there is no evidence that users' financial information was accessed in the hack, the company is telling all users to change their passwords.

eBay contacted CNET after this story was initially published, saying it discovered "recently" that it was a victim of "a cyber attack on our corporate information network, which compromised a database containing eBay user passwords." The company's spokesperson told CNET there is "no evidence that any financial information was accessed or compromised."

what I understand the server containing bank info hasn't been 'cracked'. But the server contains names, addresses, DOBs.. If you use the same pass word for other accounts, I might be a good idea to change them....


Ta Phoenix,


People should use keepass + Dropbox/google drive

For those that don't know keepass is a piece of encryption software that designed to manage logins & passwords. It stores and encrypts your passwords so when you need them it can copy and paste them into a login screeen. Save the keepass file on dropbox then whenever you need to change a password update the keepass database and dropbox will sync the file across all devices. All you have to remember are two different passwords; one for dropbox and one for keepass. Make all passwords strong (as long as possible, containing lower and upper case letters, symbols and numbers).

IMHO this is the securest way to manage the passwords for facebook, google, amazon, ebay, microsoft, linkedin, twitter, paypal, skype, online banking etc....

hope some people find this info useful
May 23, 2014 7:24 PM CST e-bay hack
DazzleDaze
DazzleDazeDazzleDazea river bog hill road, Meath Ireland4 Threads 1 Polls 264 Posts
dateadave: Ta Phoenix,People should use keepass + Dropbox/google drive

For those that don't know keepass is a piece of encryption software that designed to manage logins & passwords. It stores and encrypts your passwords so when you need them it can copy and paste them into a login screeen. Save the keepass file on dropbox then whenever you need to change a password update the keepass database and dropbox will sync the file across all devices. All you have to remember are two different passwords; one for dropbox and one for keepass. Make all passwords strong (as long as possible, containing lower and upper case letters, symbols and numbers).

IMHO this is the securest way to manage the passwords for facebook, google, amazon, ebay, microsoft, linkedin, twitter, paypal, skype, online banking etc....

hope some people find this info useful


and what if keypass gets hacked....or the webmaster sells the info? Well that'd be sad...mumbling
May 24, 2014 1:27 AM CST e-bay hack
Phoenix
PhoenixPhoenixBelfast....., Antrim Ireland274 Threads 65 Polls 6,948 Posts
DazzleDaze: and what if keypass gets hacked....or the webmaster sells the info? Well that'd be sad...


Exactly. A simple MitM attack and you'd have all the passwords.
May 24, 2014 1:42 AM CST e-bay hack
dateadave:

IMHO this is the securest way to manage the passwords for facebook, google, amazon, ebay, microsoft, linkedin, twitter, paypal, skype, online banking etc....

hope some people find this info useful

Here's the thing though... the passwords were hacked out of ebays own servers. No amount of user end protection was going to stop that from happening. It doesn't matter what level of complexity the password would have been.

There's been a long line of cyber security breaches now. Clearly, even the biggest names in the business cannot guarantee our privacy. And I don;t even have to mention the American's/NSA and their European collaborators.
May 24, 2014 4:27 AM CST e-bay hack
peachmelba
peachmelbapeachmelbawexford, Wexford Ireland72 Threads 9,779 Posts
The passwords are sent to the island Lost.
May 24, 2014 6:29 AM CST e-bay hack
Phoenix
PhoenixPhoenixBelfast....., Antrim Ireland274 Threads 65 Polls 6,948 Posts
MADDOG69: Here's the thing though... the passwords were hacked out of ebays own servers. No amount of user end protection was going to stop that from happening. It doesn't matter what level of complexity the password would have been.

There's been a long line of cyber security breaches now. Clearly, even the biggest names in the business cannot guarantee our privacy. And I don;t even have to mention the American's/NSA and their European collaborators.



A good cracker (they crack they don't hack) are worth their weight in gold to some people. And as MD pointed out, internet security is a thing of the past (if it ever existed in the first place)..
May 24, 2014 1:59 PM CST e-bay hack
dateadave
dateadavedateadavelimerick, Limerick Ireland7 Threads 3 Polls 95 Posts
Phoenix: Exactly. A simple MitM attack and you'd have all the passwords.


Before I start I would like state, as some others already have, that nothing is 100% secure.

However,
Keepass isn't a website...
A man in the middle attack is not applicable against keepass because it is a application that runs locally on your device and the password is not sent over a network. A man in the middle attack could capture the login details for dropbox but without the password for the keepass database they would only be able to decrypt the file by:

1) brute force it - Keepass uses 256bit AES encryption which means even with a really fast computer you're talking billions of years to crack.
or
2) getting the keepass password by some other means such as a keylogger, but if there's a keylogger on your computer and you're not using keepass then your passwords are gone all the same.

If you want to add a third stage of authentication you can also use a key file to unlock the keepass database so that the the database can only be opened on devices that have that file stored locally.

Furthermore personal devices just aren't as visible or tempting a target as commercial websites.

I can understand people's skepticism (I was too at first) so don't take my word for it read about for yourself.







My point is that a lot of people use weak passwords or the same password for everything because humans ain't too good at remembering stuff like

?;9V* %0&86Ew41^z]D ( )

Keepass allows you to manage multiple different, long, complex passwords like the one above, it's secure and widely used in many corporate environments and throughout the technology industry.

My post was meant to inform and provide a simple solution to a common problem experienced by a lot of people.
May 24, 2014 2:08 PM CST e-bay hack
dateadave
dateadavedateadavelimerick, Limerick Ireland7 Threads 3 Polls 95 Posts
MADDOG69: Here's the thing though... the passwords were hacked out of ebays own servers. No amount of user end protection was going to stop that from happening. It doesn't matter what level of complexity the password would have been.

There's been a long line of cyber security breaches now. Clearly, even the biggest names in the business cannot guarantee our privacy. And I don;t even have to mention the American's/NSA and their European collaborators.


All the more reason to use Keepass & Dropbox...

Breaches like this aren't going to stop. Get used to changing your passwords. If they're in keepass you'll spend a lot less going through the the whole reset your password process that most of these sites have because you changed the password 3 months ago and now can't remember what the hell it was.
Post Comment - Post a comment on this Forum Thread

Stats for this Thread

930 Views
8 Comments
by Phoenix (274 Threads)
Created: May 2014
Last Viewed: just now
Last Commented: May 2014

Share this Thread

We use cookies to ensure that you have the best experience possible on our website. Read Our Privacy Policy Here