Email from eBay

It starts out :

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

To help ensure customers' trust and security on eBay, I am asking all eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on our corporate information network. This attack compromised a database containing eBay user passwords.

Well , I changed my password a day or two ago , but it's nice that eBay is closing the gate . Too bad it's after all the horses have escaped .

Reply to
Terry Coombs
Loading thread data ...

Expect more to happen. If one human can encrypt it, another will eventually unencrypt it. There is gold to be mined.

Reply to
Ed Pawlowski

Signed by "Devin Wenig , President , eBay market place" . And , hey , it's only 3 days after the MSM broke the story !

Reply to
Terry Coombs

Yeah , well let's hope it ain't MY gold , I barely have enough to meet my own needs .

Reply to
Terry Coombs

Here's my response:

Mr. Wenig,

If you truly gave a damn about your customers' trust and security, the very FIRST thing you would have done was send this email to us. Instead, we get it 48 hours AFTER the media is talking about and analyzing it.

I heard about it around 6:00AM on May 22nd (no thanks to eBay) and when I went to the website there was nothing mentioned. When I logged in and checked my eBay messages there was no mention of it. Apparently I could have found an auction for a 18K solid gold Siamese cat with one testicle with a "Buy it Now" price of $12.76 and free shipping.

It was not until I went to change my password of my own volition that I received a popup telling me that was a good thing to do. Well, DOH!

Other said that there was a pop up on the main page when the went to the site at about the same time as others, and yet, others complained - as I did - that there was absolutely nothing on the site.

I tried several times early Thursday morning to find that elusive warning popup without success. I even rebooted the computer one and tried accessing the site with BOTH Firefox and IE. It was not until I logged on about 12 hours later that the popup appeared on the main page when I browsed to your site.

I understand that you can only do so much to prevent this sort of nonsense and, I applaud your company for its success in preventing this crap in the past. I don't fault you for this breach as I simply don't have enough facts in hand to judge whether eBay bears any responsibility or negligence in the matter.

I do know and I strongly suspect that I'm in the majority... Your users/customers are concerned about the slip shod manner in which you addressed this issue.

This might be an interesting topic for the annual stockholders meeting. I and my friends don't own enough shares in EBAY to cause a blip in the daily trades even if they were carrying the percentages out to 125 places to the right of the decimal point so a threat to sell off would be meaningless, but... It only takes a single share to have standing to raise hell over this cluster...

"Nasty letter to follow"

Reply to
Unquestionably Confused

Well they havent' written me yet. Maybe they know I'm not respnonsive.

I'll tell you an ebay story, though. 6 years ago I was in Europe and my new used laptop needed a new battery. I bought one from Hong Kong and it said 15 days or something for delivery. I waited and when it was longer and it didnt' come, I went looking. I found that my Paypal charge had gone through and then been reversed a couple days later. I didnt' get any notice of the reversal. I called ebay and they said they'd cancelled the order because I wasn't shipping it to my verified address. I can handle all that, but why didn't they email me when they cancelled the order.

Oh, they also disabled my paypal but didn't tell me that either. She said they sent me a letter. Well I wasnt' home to read it, dumbbells.

As soon as I knew, I got a guy living with us, who'd been in Europe longer and lived with his parents when he was in the US, to pay for the battery and I paid him.

I don't like notifying lots of people when I go out of town. They'll send their agent in Baltimore to rob my house.

I have a slot in the front door (It came with the house) so that I don't have to cancel my mail when I go out of town. Fedex comes with an overnight letter from my bank and leaves it on the stoop, tilted towards the street, so anyone can see that it's there and take it. Especially a little kid might like the bright red, white, and blue envelope. I talked to four people at fedex and none will tell me if fedex has a policy about mail slots. One said that each city gets to make its own policies. Really? So they have no national policies? They can have a different city policy that permits opening and reading what's inside?

Reply to
micky

Just be glad Obama isn't in charge of eBay, he wouldn't know about it for several more weeks.

Reply to
Gordon Shumway

"Terry Coombs" wrote in news:la9gv.2400049$116.1180712 @fx21.iad:

Probably a phishing email, since it didn't address you by name.

If you changed your password by clicking on a link in that email, I think you'd better change it again, RIGHT NOW -- but this time, go to eBay's web site to do it.

Reply to
Doug Miller

LOL! Not to mention the fact that we would not get the truth about it.

Reply to
Unquestionably Confused

No worries. No link was provided in the email from eBay

Reply to
Unquestionably Confused

Nope , I ,stupid as I am, know better than to click on a link in an email . I went to my ebay account and changed it . No redirects , no spoofed url's , just straight to ebay .

Reply to
Terry Coombs

They are allowed to use the slot, but not a box.

formatting link

1.1Authorized Depository

Except as excluded by 1.2, every letterbox or other receptacle intended or used for the receipt or delivery of mail on any city delivery route, rural delivery route, highway contract route, or other mail route is designated an authorized depository for mail within the meaning of 18 USC 1702, 1705, 1708, and 1725.

1.2Exclusions

Door slots and nonlockable bins or troughs used with apartment house mailboxes are not letterboxes within the meaning of 18 USC 1725 and are not private mail receptacles for the standards for mailable matter not bearing postage found in or on private mail receptacles. The post or other support is not part of the receptacle.

1.3Use for Mail

Except under 2.11, the receptacles described in 1.1 may be used only for matter bearing postage. Other than as permitted by 2.10 or 2.11, no part of a mail receptacle may be used to deliver any matter not bearing postage, including items or matter placed upon, supported by, attached to, hung from, or inserted into a mail receptacle. Any mailable matter not bearing postage and found as described above is subject to the same postage as would be paid if it were carried by mail.

Reply to
Ed Pawlowski

I saw that email come through, briefly read it and then deleted it. I assumed that it was a phishing email but surprisingly it didn't have a link in it anywhere. I should have looked closely at the headers but didn't bother to. Wish I still had it so I could see what the "reply to" address was. Anyway, I still don't think that it came from ebay because I did not have a similar message from them in my message box.

If someone still has the message take a close look at the headers, etc. and report back.

Reply to
IGot2P

Thanks. You know. I know. Why doesn't fedex know?

Reply to
micky

BTW, isnt' one of the big problems of hackers getting names and email addresses that when they send out phishing email, they CAN include your actual name?

So that you're right the absence of a name is a telltale, but the presence of one no longer is for places like Ebya, Target etc. etc. etc?

Right.

Reply to
micky

I know that happened but I got no such Email.

Reply to
Julie Bove

IGot2P wrote:

Here ya go :

Return-path: Envelope-to: snipped-for-privacy@mvtel.net Received: from emailsecurity.infodash.com ([216.134.224.205]) by mail1.ytc.net with esmtp (Exim 4.80.1) (envelope-from ) id 1WoKJ6-0005HK-Nz for snipped-for-privacy@mvtel.net; Sat, 24 May 2014 17:20:48 -0500 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: ArkhACsagVNbwvinhmdsb2JhbAAVLBQDAwqBXwZQgReDPwOnYI97AYdaARFSFg4BAQEKCQsHFiiCLwwBAQERDg8DAQICCQgSDwEEAUEDEgICdR2HQWMBCI8jjyEBAYgGAYEvAYc9gmMBAXaDQUp6AkUQgRCYIAIChU4BBotDAYEDgSkRAWEBBQEFAoIcDxcbEoE5iB6INopglSQrEC8BgQmBMg X-IPAS-Result: ArkhACsagVNbwvinhmdsb2JhbAAVLBQDAwqBXwZQgReDPwOnYI97AYdaARFSFg4BAQEKCQsHFiiCLwwBAQERDg8DAQICCQgSDwEEAUEDEgICdR2HQWMBCI8jjyEBAYgGAYEvAYc9gmMBAXaDQUp6AkUQgRCYIAIChU4BBotDAYEDgSkRAWEBBQEFAoIcDxcbEoE5iB6INopglSQrEC8BgQmBMg X-IronPort-AV: E=Sophos;i="4.98,903,1392184800"; d="scan'208,217";a="109910977" Received: from e3uspmta167.emarsys.net ([91.194.248.167]) by emailsecurity.infodash.com with ESMTP; 24 May 2014 17:20:49 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=emarsys2007; d=reply1.ebay.com; h=List-Unsubscribe:List-Id:MIME-Version:To:From:Subject:Content-Type:Message-ID:Date;i= snipped-for-privacy@reply1.ebay.com; bh=X1zIJTO8G+uZ3FMgDJ4Jfyxe1pA=; b=MoBjVR5G0CmMtvkQi9yxLG0PL1QP84t93RoNjOQyQhwDEk92+jP+L9XiQenj56NsHXJ19WF5FZFQ +e6M7HsDB5g5OkX8SDaTrPFoyWaoi4qwG8sFXk053RmY2xdHO4TCXwJ4v/3TU6xwQwIkx4pJ88bO 8Xv+Lyz9Nnf2evbi8Wg=DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=emarsys2007;d=reply1.ebay.com; b=FIsqd3Z3SWwLunUfcYhNSNMKLE/FNU48qU/1wjj6UM+vMykg85tSaf/KwvkgquUVfqcKBuJfVm2C o7bF+y1gRteHIxHE4PrX+KNm3AUZquIkrjPb1ySJG0YoVwFJ356Oa70RIcj/t2BuhXMzaVNyjVpM WlO4qroT3wc+xYu1MnA=;Received: from e3.emarsys.net (10.105.0.83) by e3uspmta167.emarsys.net idhg4dk216nmck for ; Sun, 25 May 2014 00:20:46 +0200(envelope-from )X-EMarSys-Identify:1301_1754881451099_1754958700462_2b5efaII3b1060II1989bb09faeII1X-EMarSys-Environment: e3usList-Unsubscribe:List-Id: 1301 X-CSA-Complaints: snipped-for-privacy@eco.deMIME-Version: 1.0-- Snag

Reply to
Terry Coombs

I looked at the warning on the Ebay homepage this morning. It starts out

"On Wednesday, we announced that we are asking all eBay users to change their password. This is because of a cyberattack that compromised our eBay user database, which contained your encrypted password."

Funny thing about that. I haven't received an email about it yet. There is nothing in my personal Ebay messages at their site either. There are probably bunches of people with Ebay accounts who go months at a time without looking at the Ebay site. I wonder how many of those have been alerted somehow, someway.

Reply to
Dean Hoffman

On 25 May 2014, Dean Hoffman wrote in alt.home.repair:

I never received any email from them, either, and like you there is no evidence that they ever sent one to me. I do check in at Ebay every few days or so, so maybe they figured I already knew, which I did.

Reply to
Nil

Probably not , I got this email a couple of days after I changed my pwd .

Reply to
Terry Coombs

HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.