Thread: eBay Security & OpenSSL
If you don't already know, eBay was hacked due to the Heartbleed bug in openSSL. If you haven't done so already, you should change your password at eBay.
This link: Safe Web - Heartbleed Check will allow you to check any HTTPS:// page for the bug.
Ok. I was responding to a media report. I've not had anything formal from eBay :(
But the link is still useful!
If you go to ebay and login, you will be asked to reset your password and this is what they have to say about it:
Keeping Our Buyers and Sellers Safe and Secure on eBay
On Wednesday, we announced that we are asking all eBay users to change their password. This is because of a cyberattack that compromised our eBay user database, which contained your encrypted password.
We take security on eBay very seriously, and we want to ensure that you feel safe and secure buying and selling on eBay. So we think it’s the right thing to do to have you change your password. And we want to remind you that it’s a good idea to always use different passwords for different sites and accounts. If you used your eBay password on other sites, we are encouraging you to change those passwords, too.
Here’s what we recommend you do the next time you visit eBay:
- Take a moment to change your password. This will help further protect you; it’s always a good practice to periodically update your password. Millions of eBay users have already updated their passwords.
- Remember to always use different passwords on different sites and accounts. If you haven’t done this yet, take the time to do so.
Meanwhile, our team is committed to making eBay as safe and secure as possible. We are looking at other ways to strengthen security on eBay. In the coming days and weeks we may be introducing new security features. We’ll keep you updated as we do.
Thanks for your support and cooperation. eBay is your marketplace, and we are committed to keeping it one of the world’s safest places to buy and sell.
President, eBay Marketplaces
From the Heartbleed website Heartbleed Bug "Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug."
I would like to think ebay would have fixed any bugs in the security of their servers well before now, knowing that the heartbleed bug has been out there for more than 2 years. If they knew and did NOTHING to protect all ebay users, then they should at least compensate all users by giving them back the fees charged for the last 2 years as they have left us all vulnerable to data theft and not provided a secure service for which they charge their fees.
The problem was that no one new about it over that time, it was discovered not so long ago while some guys worked on something else.
Last edited by Lee Roberts; 25-05-2014 at 03:09 PM..Me
I haven't seen anything official to suggest that eBay was compromised by the Heartbleed bug, and the reports I have seen appear to say that eBay was pretty quick in to install the fix. This looks like a different issue.
there is much more to this than gets publicised, its not just the heatbeat bug, its a number of disclosures over the past 18 months over purpose built in holes in security standards, all converging. remember google, yahoo, microsft got hacked a few months ago aswell. If they got the databases you can guarantee they broke the encryptions.
I wander when apple is going to fess up
And if anyone thinks the introduction of heartbeat was accidental, and not forced by NSA and the like, should look at the dates relative to they dates they got access to the intercommunication of google ssl servers, as published by Edward Snowdon
Last edited by george uk; 25-05-2014 at 11:19 PM.
George, if you get time and havnt already, watch this: Mikko Hypponen - How the nsa betrayed the worlds trust, time to act. I think you may find it intresting.
Last edited by Lee Roberts; 25-05-2014 at 11:44 PM..Me
By cubikoman in forum Machine DiscussionReplies: 4Last Post: 08-02-2015, 08:02 PM
By alboy in forum Marketplace DiscussionReplies: 9Last Post: 23-09-2013, 11:51 AM
By Robin Hewitt in forum Computer SoftwareReplies: 4Last Post: 22-08-2010, 05:13 PM
By irving2008 in forum General DiscussionReplies: 2Last Post: 17-07-2010, 08:48 PM
By irving2008 in forum General DiscussionReplies: 4Last Post: 22-01-2010, 08:33 PM