
Mardi13


Thanks Mardi, I hadn't seen this anywhere else. Passwords changed.

 

Bruce in Ocala, Fl


Heard about this on the radio this morning. Happened months ago apparently.

"You can't stay in your corner of the forest waiting for others to come to you. You have to go to them sometimes." A. A. Milne


Yeah but they didn't bother to announce it months ago. Harrumph.


Yeah but they didn't bother to announce it months ago. Harrumph.

 

They didn't catch it until a couple of weeks ago. Better to wait until you know what was compromised, or not, before making an announcement. Hair trigger responses can do more damage than good.

Visit Main Street Pens
A full service pen shop providing professional, thoughtful vintage pen repair...

Please use email, not a PM for repair and pen purchase inquiries.


Adjusted mine when the Heartbleed info posted.. then told that was the worst time to change.. who knows these days?

Cnet/downloads.com used to be the safe/tested site... now nix no nadda, you must download malware junk toolbars, even after reading the EULAs, and clearly ticking NO... read on they dismiss your clear No, and added the junk anyway, unless you tick NO a second time, then sometimes add it anyway.

Same with once solid AVG, gotta add the malware toolbars, even though ticked NO.

Same with Goog, some great ideas, but they don't own me or the private classroom outing shots taken with permission, and always set to private. They reset to public, I reset to private then found public elsewhere, and deleted, and still OUT there. No hangouts, or other Goog services but Goog won't let me leave entirely if I want to access maps for my job. What a ruin and racket, of a once promising idea.

My life, though with a few interesting areas holds zero issues against anyone or any agency, let this person have their privacy, and sweet retirement memory photos.

sleepy person rant leveled.

will rearrange the password, as if it helps, tomorrow.


They urge new passwords, yet I never got an email notification from ebay, nor a notification when I went to visit my profile. Not very heavy on the urging.

 

I wonder if the leak also includes paypal information?

Edited by KBeezie

Doubt it, but I changed that too, just to be on the safe side. And bear in mind, all they would have gotten would be the password HASHES. If you have a DECENT quality password, you still have a pretty good chance of being secure. Certainly long enough to go change your PW anyway.


 

I wonder if the leak also includes paypal information?

 

According to the NYT article, no. Supposedly all the customer financial data was in another location.

 

Bruce in Ocala, Fl


Doubt it, but I changed that too, just to be on the safe side. And bear in mind, all they would have gotten would be the password HASHES. If you have a DECENT quality password, you still have a pretty good chance of being secure. Certainly long enough to go change your PW anyway.

 

That's what Target said at first, but then the decryption key used to undo those hashes was also compromised, including PIN numbers. So usually if there's a compromise I assume nothing is safe.

 

Do companies like that ever get fined for such a compromise (especially in Target's case where their setup was not PCI compliant)?

 

It's also just like how WHMCS (the billing panel that most websites use nowadays) was compromised and they said the exact same thing, except their database was on the exact same server as the cc_decryption key value in a config file on the same website, so all of that info was easily reversed (and I checked the leaked data, indeed all my info was reversed in that dump). Course they're in Britain so I don't think the PCI Compliance applies to them, and they claimed to have separated the forums/support from the billing systems on their own server... by simply moving it to another cPanel account on the exact same server.

 

(long story short, they say a lot to add reassurances, but a lot of times it ends up being BS).


I've not had any notification from ebay about this. There is not even any mention of it on their log-in page! :gaah:

Whatever is true, whatever is noble, whatever is right, whatever is pure, whatever is lovely, whatever is admirable - if anything is excellent or praiseworthy - think about such things.

Philippians 4.8


I saw mention of this on another thread earlier this evening. But this was *after* I tried to log on to Ebay and got the message saying to reset the password. Of course, in order to do so, one had to get to customer support... which involved, well, logging on.... :gaah:

Tried again about an hour or so ago and had no problems. But reset the password anyway. Of course it's now going to take weeks for me to remember the new one.... :wallbash:

Yeah, I'm with KBeezie and Lorna Reed on this one. They had no problem sending me updates that said "Hey, X item has been relisted" and I get mail from them and/or Paypal all the time going "wanna sign up for our longterm payment program?" or whatever the heck they call it (uh, no, not really actually, even if I can get $10 off my next purchase -- this is *not* the time I want credit agencies rooting around my finances...).

Ruth Morrisson aka inkstainedruth

"It's very nice, but frankly, when I signed that list for a P-51, what I had in mind was a fountain pen."


About 10 minutes ago, ebay UK put an "Important - Password Update" notice on the website. Of course, as inkstainedruth says, you have to log on to change your password. :angry:

Whatever is true, whatever is noble, whatever is right, whatever is pure, whatever is lovely, whatever is admirable - if anything is excellent or praiseworthy - think about such things.

Philippians 4.8


About 10 minutes ago, ebay UK put an "Important - Password Update" notice on the website. Of course, as inkstainedruth says, you have to log on to change your password. :angry:

Of course you have to. I would not have it otherwise, else any nitwit could simply change my passwords. This way they record from which URL the password-change originated, in case of complaints.

 

 

D.ick

~

KEEP SAFE, WEAR A MASK, KEEP A DISTANCE.

Freedom exists by virtue of self limitation.

~

 

 

 


Got no notice either. But when I did reset, they emailed confirmation that gave the ISP the password change came from.

 

Not happy about no notice


 

That's what Target said at first, but then the decryption key used to undo those hashes was also compromised, including PIN numbers. So usually if there's a compromise I assume nothing is safe. ...

 

Good point, and I'm certainly not advocating leaving something alone after a breach, good god no! Fortunately, not ALL that many companies are dumb enough to store the hashkey on the same server as the passwords themselves, and if you choose a good password, it should survive rainbow-bridge crack attempts at least long enough for you to get to your computer and change it. Something worth doing is going and checking the fairly common 'leaked password' lists, and making sure yours isn't on the top-thousand list!


 

Good point, and I'm certainly not advocating leaving something alone after a breach, good god no! Fortunately, not ALL that many companies are dumb enough to store the hashkey on the same server as the passwords themselves, and if you choose a good password, it should survive rainbow-bridge crack attempts at least long enough for you to get to your computer and change it. Something worth doing is going and checking the fairly common 'leaked password' lists, and making sure yours isn't on the top-thousand list!

 

And I agree, though I have come across some companies that actually make it difficult to come up with a good password. Huntington Bank for example doesn't allow for any special characters, it's strictly alphanumeric (only letters or numbers), when just a simple symbol would increase password strength significantly in terms of possible combinations, especially for passwords above 6 digits.

Edited by KBeezie
