I got e-mail from eBay yesterday (Tuesday), saying that there had been suspicious activity on my account, and that the account was locked, until I changed the password. I haven't bought anything on eBay in a few years. The message said that any charges that my account had incurred had been reversed.
It's probably a sign of the times that I was sure that this was a phishing message. I checked it a whole bunch of ways before deciding that yes, I should change my eBay password. Even so, rather than click on a link in the e-mail message, I went to ebay.com in my browser, and went through the procedure to change my password.
I checked the activity log for my account, and it didn't show anything. So I'm still not sure if this means my account was broken into or used.
If everyone is indeed being asked to change their passwords, then the message I received was a bad way to say it.
What is the point of ebay redirecting HTTPS versions of their site to an HTTP version? They have an EV cert and everything for the login page. Is it spite?
Me too. I've noticed that finding the "change password" option on eBay is always really hard.
On PayPal, it's got really annoying Javascripts that stop you copying and pasting passwords. I use a password manager, so all my passwords are random and unique.
So, will the Board of Directors hold anyone accountable to ?millions? of records being stolen (they have 128 million possible)? For now no CC info was believed lost, but they likely don't have any way to know unless they see fraudulent usage...
My wife quit using eBay when her Paypal account got locked out and she'd have to send a fax to unlock it.
I quit using eBay because the auctions stopped and it wasn't possible to get good deals anymore. The AMZN marketplace works better for most of what I buy and if I want something funky there is always etsy.
This is just one more step in eBay's slow decline.
That's just silly. The headline, the subject matter and the fact that it's on a company domain all add up to plenty of information. The fact that it appears to have been prematurely posted adds more interest.
It's speculation with no information at all. This isn't HN Rumors, and that link doesn't even go to a tweet - it goes to a page full of no information.
Again, it is a very clear message that impacts millions of people and is hosted on a page belonging to the company. There may not be as much information as you'd like, but there's nothing speculative about it.
Many pages on paypal-community.com have a "Powered By Lithium" banner, so they seem to be the folks who wrote the "community forum" software.
http://www.lithium.com/
And they're mentioned in the paypal privacy policy:
https://www.paypal.com/uk/webapps/mpp/ua/privacy-full