ebay news .. for real ?
- Thread starter redbenjoe
- Start date
- Status
Beosystem10
Member (SA)
DO NOT under any circumstances change your eBay password(s), including those for eBay subs such as PayPal, Gumtree and GSI, until after eBay has concluded its work to secure the affected accounts as their security is minimal during the work and this would be the worst possible time to change any personal settings because [eBay] still haven't found the sources of their leak. Any activity by members would only serve to draw the attention of the hackers to that member's information and at this stage could well reduce security, not reinforce it.
That was the gist of the email sent out by Vodafone to its Plusnet "V@H" broadband customers early this morning. eBay is aware of the above but has elected not to revise their ill-judged advice.
So don't change that password, not yet.
That was the gist of the email sent out by Vodafone to its Plusnet "V@H" broadband customers early this morning. eBay is aware of the above but has elected not to revise their ill-judged advice.
So don't change that password, not yet.
Lasonic TRC-920
Moderator
JustCruisin
Member (SA)
Beosystem10
Member (SA)
Here; password untouched, no message. Maybe it's only the UK whose ISPs have successfully fought this attempt by eBay to drag us down with them, but think about it; they don't yet know who's responsible which means that the exploit remains open and that any attempts made to change details during this attack can be exploited. No account activity = nothing that can be flagged by the bad guys.Reli said:
But ultimately, neither I nor the combined clout of the service provision industry can prevent anyone's walking right into a trap if they're sufficiently determined to be a sheep and do as eBay says - even when their advice is so massively flawed and will cause a security issue where none exists in the cases of those who reload and carry on, secure as before..
BoomboxLover48
Boomus Fidelis
hahahahahaha LOLredbenjoe said:
ok --thanks
----------------------
i just changed it--
now using superdupers password -- bc his credit rating was so much more substantial
BoomboxLover48
Boomus Fidelis
Beosystem10
Member (SA)
Perhaps unsurprisingly, email has started to go out to eBay users from some suspect source that would, in cases of anyone who can't see right through it, grab the new passwords of those who blindly followed the advice it contains.
The one I had starts "Dear eBay customer", this immediately gives it away as a phishing trip by the [child, probably] whose work caused the original breach back in March and confirms that the advice to change passwords is in fact not legit.
Heather, trusting soul as she is, is working in the Schiehallion Field at the moment, on one of her company's decommisioning jobs, so imagine how pissed off she was when - having fallen for the spoof "change your passwords" email - she found that not only had her eBay seller account suddenly sprouted a dozen high value listings in the property section but had also taken on a life its own and wouldn't respond to the new password she'd been mug enough to set, leaving muggins here, back on dry land and with a landline-based broadband connection, to communicate with eBay in order to put this right. The woman in eBay's Dublin call centre reckoned that mine was the latest of at least a thousand similar calls from the .co.uk and .ie eBay sites from those who had fallen for this email.
The apology her account received - this genuinely from eBay and obviously calling her by her name rather than "eBay customer" - came within seconds and offers her a discount on future listing fees for an as yet unspecified period, a cancellation on the fees for the spurious listings which involved several hice and some agricultural land with rights and planning permission and that apology, almost pathetic had it not been for her near miss with several tens of thousands in fees for stuff she doesn't own and hadn't been selling!
CQ out has never looked like a more attractive proposition. The Isle of Wight, off the south coast of Hampshire, has had its own alternative to eBay for a good few years now (Wightbay) and other regional services are now springing up to take on existing eBay business as people grow sick of [eBay's] incompetence. Add to this eBay's current legal troubles that they caused themselves by trying to make a charge for sellers' postage fees - this illegal as only the service provider has the right to take money for handling the mail - and it looks as though the auction site's future in the UK and RoI is very uncertain. Serves the buggers right for being too greedy.
The one I had starts "Dear eBay customer", this immediately gives it away as a phishing trip by the [child, probably] whose work caused the original breach back in March and confirms that the advice to change passwords is in fact not legit.
Heather, trusting soul as she is, is working in the Schiehallion Field at the moment, on one of her company's decommisioning jobs, so imagine how pissed off she was when - having fallen for the spoof "change your passwords" email - she found that not only had her eBay seller account suddenly sprouted a dozen high value listings in the property section but had also taken on a life its own and wouldn't respond to the new password she'd been mug enough to set, leaving muggins here, back on dry land and with a landline-based broadband connection, to communicate with eBay in order to put this right. The woman in eBay's Dublin call centre reckoned that mine was the latest of at least a thousand similar calls from the .co.uk and .ie eBay sites from those who had fallen for this email.
The apology her account received - this genuinely from eBay and obviously calling her by her name rather than "eBay customer" - came within seconds and offers her a discount on future listing fees for an as yet unspecified period, a cancellation on the fees for the spurious listings which involved several hice and some agricultural land with rights and planning permission and that apology, almost pathetic had it not been for her near miss with several tens of thousands in fees for stuff she doesn't own and hadn't been selling!
CQ out has never looked like a more attractive proposition. The Isle of Wight, off the south coast of Hampshire, has had its own alternative to eBay for a good few years now (Wightbay) and other regional services are now springing up to take on existing eBay business as people grow sick of [eBay's] incompetence. Add to this eBay's current legal troubles that they caused themselves by trying to make a charge for sellers' postage fees - this illegal as only the service provider has the right to take money for handling the mail - and it looks as though the auction site's future in the UK and RoI is very uncertain. Serves the buggers right for being too greedy.
Beosystem10
Member (SA)
Must just be some countries then, here the only messages we're seeing are the hopeful phishing ones and although there's a very convincing screen that comes up if the link is clicked, it can be ignored simply by opening an eBay page from the Safari (or Firefox, Chromium and Konqueror) cache.
Maybe they're observing our laws after all that trouble they had with the idea of paying tax and their not believing that the law could possibly apply to them. (It does if they trade in a UK country, even if they register to trade in another).
I hope that places where they're being allowed to force the issue in this way survive the potential hacking spree that can come with the attention drawn by account activity, account activity such as changing a password and thereby leaving oneself wide open to attack.
Yes, it's good practice to change passwords every so often but not when an exploit remains active as in the eBay case, then the safe way forward is to sit it out and wait. Either way, this should at least force a rethink of eBay's greedy and in many cases illegal charging policies, these are said to be the reason that the original exploit was created. In February! In other words they've known that they'd been attacked for four months and only just decided to take action, by panicking and causing hundreds of users to panic too.
Maybe they're observing our laws after all that trouble they had with the idea of paying tax and their not believing that the law could possibly apply to them. (It does if they trade in a UK country, even if they register to trade in another).
I hope that places where they're being allowed to force the issue in this way survive the potential hacking spree that can come with the attention drawn by account activity, account activity such as changing a password and thereby leaving oneself wide open to attack.
Yes, it's good practice to change passwords every so often but not when an exploit remains active as in the eBay case, then the safe way forward is to sit it out and wait. Either way, this should at least force a rethink of eBay's greedy and in many cases illegal charging policies, these are said to be the reason that the original exploit was created. In February! In other words they've known that they'd been attacked for four months and only just decided to take action, by panicking and causing hundreds of users to panic too.
JT Techno
Member (SA)
I'm confused ... are you saying this on the real eBay UK site is a spoof too ... looks legit to me :-?
http://www.ebay.co.uk/reset/?&srcAppId=3564&ru=https://m.ebay.co.uk/signin?redirectUrl=http://m.ebay.co.uk/&from=reset
I am guessing it is a real request by eBay but there are also phishing emails going out too from non legit sources with links that lead people back to a spoof eBay site to get them to think they are changing their eBay password, when in fact they are actually giving their current password to somebody who then goes into the real site and misuses it.
So I guess best advice is to only follow the advice/links on the real sites and not be duped by the phishing emails/links - would you agree?
http://www.ebay.co.uk/reset/?&srcAppId=3564&ru=https://m.ebay.co.uk/signin?redirectUrl=http://m.ebay.co.uk/&from=reset
I am guessing it is a real request by eBay but there are also phishing emails going out too from non legit sources with links that lead people back to a spoof eBay site to get them to think they are changing their eBay password, when in fact they are actually giving their current password to somebody who then goes into the real site and misuses it.
So I guess best advice is to only follow the advice/links on the real sites and not be duped by the phishing emails/links - would you agree?
- Status