Email from eBay

Page 1 of 2  
It starts out :
IMPORTANT: PASSWORD UPDATE
Dear eBay Member,
To help ensure customers' trust and security on eBay, I am asking all eBay users to change their passwords.
Here's why: Recently, our company discovered a cyberattack on our corporate information network. This attack compromised a database containing eBay user passwords.
Well , I changed my password a day or two ago , but it's nice that eBay is closing the gate . Too bad it's after all the horses have escaped .
--
Snag



Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 5/24/2014 6:37 PM, Terry Coombs wrote:

Expect more to happen. If one human can encrypt it, another will eventually unencrypt it. There is gold to be mined.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Oren wrote:

Signed by "Devin Wenig , President , eBay market place" . And , hey , it's only 3 days after the MSM broke the story !
--
Snag



Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Ed Pawlowski wrote:

Yeah , well let's hope it ain't MY gold , I barely have enough to meet my own needs .
--
Snag



Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 5/24/2014 5:37 PM, Terry Coombs wrote:

Here's my response:
Mr. Wenig,
If you truly gave a damn about your customers' trust and security, the very FIRST thing you would have done was send this email to us. Instead, we get it 48 hours AFTER the media is talking about and analyzing it.
I heard about it around 6:00AM on May 22nd (no thanks to eBay) and when I went to the website there was nothing mentioned. When I logged in and checked my eBay messages there was no mention of it. Apparently I could have found an auction for a 18K solid gold Siamese cat with one testicle with a "Buy it Now" price of $12.76 and free shipping.
It was not until I went to change my password of my own volition that I received a popup telling me that was a good thing to do. Well, DOH!
Other said that there was a pop up on the main page when the went to the site at about the same time as others, and yet, others complained - as I did - that there was absolutely nothing on the site.
I tried several times early Thursday morning to find that elusive warning popup without success. I even rebooted the computer one and tried accessing the site with BOTH Firefox and IE. It was not until I logged on about 12 hours later that the popup appeared on the main page when I browsed to your site.
I understand that you can only do so much to prevent this sort of nonsense and, I applaud your company for its success in preventing this crap in the past. I don't fault you for this breach as I simply don't have enough facts in hand to judge whether eBay bears any responsibility or negligence in the matter.
I do know and I strongly suspect that I'm in the majority... Your users/customers are concerned about the slip shod manner in which you addressed this issue.
This might be an interesting topic for the annual stockholders meeting. I and my friends don't own enough shares in EBAY to cause a blip in the daily trades even if they were carrying the percentages out to 125 places to the right of the decimal point so a threat to sell off would be meaningless, but... It only takes a single share to have standing to raise hell over this cluster...
"Nasty letter to follow"<g>
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

Well they havent' written me yet. Maybe they know I'm not respnonsive.
I'll tell you an ebay story, though. 6 years ago I was in Europe and my new used laptop needed a new battery. I bought one from Hong Kong and it said 15 days or something for delivery. I waited and when it was longer and it didnt' come, I went looking. I found that my Paypal charge had gone through and then been reversed a couple days later. I didnt' get any notice of the reversal. I called ebay and they said they'd cancelled the order because I wasn't shipping it to my verified address. I can handle all that, but why didn't they email me when they cancelled the order.
Oh, they also disabled my paypal but didn't tell me that either. She said they sent me a letter. Well I wasnt' home to read it, dumbbells.
As soon as I knew, I got a guy living with us, who'd been in Europe longer and lived with his parents when he was in the US, to pay for the battery and I paid him.
I don't like notifying lots of people when I go out of town. They'll send their agent in Baltimore to rob my house.
I have a slot in the front door (It came with the house) so that I don't have to cancel my mail when I go out of town. Fedex comes with an overnight letter from my bank and leaves it on the stoop, tilted towards the street, so anyone can see that it's there and take it. Especially a little kid might like the bright red, white, and blue envelope. I talked to four people at fedex and none will tell me if fedex has a policy about mail slots. One said that each city gets to make its own policies. Really? So they have no national policies? They can have a different city policy that permits opening and reading what's inside?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 5/24/2014 9:02 PM, micky wrote:

They are allowed to use the slot, but not a box. http://pe.usps.gov/text/dmm/d041.htm
1.1Authorized Depository
Except as excluded by 1.2, every letterbox or other receptacle intended or used for the receipt or delivery of mail on any city delivery route, rural delivery route, highway contract route, or other mail route is designated an authorized depository for mail within the meaning of 18 USC 1702, 1705, 1708, and 1725.
1.2Exclusions
Door slots and nonlockable bins or troughs used with apartment house mailboxes are not letterboxes within the meaning of 18 USC 1725 and are not private mail receptacles for the standards for mailable matter not bearing postage found in or on private mail receptacles. The post or other support is not part of the receptacle.
1.3Use for Mail
Except under 2.11, the receptacles described in 1.1 may be used only for matter bearing postage. Other than as permitted by 2.10 or 2.11, no part of a mail receptacle may be used to deliver any matter not bearing postage, including items or matter placed upon, supported by, attached to, hung from, or inserted into a mail receptacle. Any mailable matter not bearing postage and found as described above is subject to the same postage as would be paid if it were carried by mail.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

Just be glad Obama isn't in charge of eBay, he wouldn't know about it for several more weeks.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 5/24/2014 9:49 PM, Gordon Shumway wrote:

[snip]

LOL! Not to mention the fact that we would not get the truth about it.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Probably a phishing email, since it didn't address you by name.

If you changed your password by clicking on a link in that email, I think you'd better change it again, RIGHT NOW -- but this time, go to eBay's web site to do it.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 5/24/2014 10:03 PM, Doug Miller wrote:

No worries. No link was provided in the email from eBay
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Doug Miller wrote:

Nope , I ,stupid as I am, know better than to click on a link in an email . I went to my ebay account and changed it . No redirects , no spoofed url's , just straight to ebay .
--
Snag



Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 5/24/2014 10:03 PM, Doug Miller wrote:

I saw that email come through, briefly read it and then deleted it. I assumed that it was a phishing email but surprisingly it didn't have a link in it anywhere. I should have looked closely at the headers but didn't bother to. Wish I still had it so I could see what the "reply to" address was. Anyway, I still don't think that it came from ebay because I did not have a similar message from them in my message box.
If someone still has the message take a close look at the headers, etc. and report back.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Thanks. You know. I know. Why doesn't fedex know?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Sun, 25 May 2014 03:03:13 +0000 (UTC), Doug Miller

BTW, isnt' one of the big problems of hackers getting names and email addresses that when they send out phishing email, they CAN include your actual name?
So that you're right the absence of a name is a telltale, but the presence of one no longer is for places like Ebya, Target etc. etc. etc?

Right.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I know that happened but I got no such Email.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
IGot2P wrote:

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 5/24/14 5:37 PM, Terry Coombs wrote:

I looked at the warning on the Ebay homepage this morning. It starts out
"On Wednesday, we announced that we are asking all eBay users to change their password. This is because of a cyberattack that compromised our eBay user database, which contained your encrypted password."
Funny thing about that. I haven't received an email about it yet. There is nothing in my personal Ebay messages at their site either. There are probably bunches of people with Ebay accounts who go months at a time without looking at the Ebay site. I wonder how many of those have been alerted somehow, someway.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
in alt.home.repair:

I never received any email from them, either, and like you there is no evidence that they ever sent one to me. I do check in at Ebay every few days or so, so maybe they figured I already knew, which I did.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Nil wrote:

Probably not , I got this email a couple of days after I changed my pwd .
--
Snag



Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Site Timeline

Related Threads

    HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.