It starts out :
IMPORTANT: PASSWORD UPDATE
Dear eBay Member,
To help ensure customers' trust and security on eBay, I am asking all
eBay users to change their passwords.
Here's why: Recently, our company discovered a cyberattack on our
corporate information network. This attack compromised a database containing
eBay user passwords.
Well , I changed my password a day or two ago , but it's nice that eBay is
closing the gate . Too bad it's after all the horses have escaped .
Here's my response:
If you truly gave a damn about your customers' trust and security, the
very FIRST thing you would have done was send this email to us.
Instead, we get it 48 hours AFTER the media is talking about and
I heard about it around 6:00AM on May 22nd (no thanks to eBay) and when
I went to the website there was nothing mentioned. When I logged in and
checked my eBay messages there was no mention of it. Apparently I could
have found an auction for a 18K solid gold Siamese cat with one testicle
with a "Buy it Now" price of $12.76 and free shipping.
It was not until I went to change my password of my own volition that I
received a popup telling me that was a good thing to do. Well, DOH!
Other said that there was a pop up on the main page when the went to the
site at about the same time as others, and yet, others complained - as I
did - that there was absolutely nothing on the site.
I tried several times early Thursday morning to find that elusive
warning popup without success. I even rebooted the computer one and
tried accessing the site with BOTH Firefox and IE. It was not until I
logged on about 12 hours later that the popup appeared on the main page
when I browsed to your site.
I understand that you can only do so much to prevent this sort of
nonsense and, I applaud your company for its success in preventing this
crap in the past. I don't fault you for this breach as I simply don't
have enough facts in hand to judge whether eBay bears any responsibility
or negligence in the matter.
I do know and I strongly suspect that I'm in the majority... Your
users/customers are concerned about the slip shod manner in which you
addressed this issue.
This might be an interesting topic for the annual stockholders meeting.
I and my friends don't own enough shares in EBAY to cause a blip in
the daily trades even if they were carrying the percentages out to 125
places to the right of the decimal point so a threat to sell off would
be meaningless, but... It only takes a single share to have standing
to raise hell over this cluster...
"Nasty letter to follow"<g>
Well they havent' written me yet. Maybe they know I'm not respnonsive.
I'll tell you an ebay story, though. 6 years ago I was in Europe and
my new used laptop needed a new battery. I bought one from Hong Kong
and it said 15 days or something for delivery. I waited and when it
was longer and it didnt' come, I went looking. I found that my Paypal
charge had gone through and then been reversed a couple days later. I
didnt' get any notice of the reversal. I called ebay and they said
they'd cancelled the order because I wasn't shipping it to my verified
address. I can handle all that, but why didn't they email me when
they cancelled the order.
Oh, they also disabled my paypal but didn't tell me that either. She
said they sent me a letter. Well I wasnt' home to read it, dumbbells.
As soon as I knew, I got a guy living with us, who'd been in Europe
longer and lived with his parents when he was in the US, to pay for the
battery and I paid him.
I don't like notifying lots of people when I go out of town. They'll
send their agent in Baltimore to rob my house.
I have a slot in the front door (It came with the house) so that I don't
have to cancel my mail when I go out of town. Fedex comes with an
overnight letter from my bank and leaves it on the stoop, tilted towards
the street, so anyone can see that it's there and take it. Especially
a little kid might like the bright red, white, and blue envelope. I
talked to four people at fedex and none will tell me if fedex has a
policy about mail slots. One said that each city gets to make its own
policies. Really? So they have no national policies? They can have a
different city policy that permits opening and reading what's inside?
They are allowed to use the slot, but not a box.
Except as excluded by 1.2, every letterbox or other receptacle intended
or used for the receipt or delivery of mail on any city delivery route,
rural delivery route, highway contract route, or other mail route is
designated an authorized depository for mail within the meaning of 18
USC 1702, 1705, 1708, and 1725.
Door slots and nonlockable bins or troughs used with apartment house
mailboxes are not letterboxes within the meaning of 18 USC 1725 and are
not private mail receptacles for the standards for mailable matter not
bearing postage found in or on private mail receptacles. The post or
other support is not part of the receptacle.
1.3Use for Mail
Except under 2.11, the receptacles described in 1.1 may be used only for
matter bearing postage. Other than as permitted by 2.10 or 2.11, no part
of a mail receptacle may be used to deliver any matter not bearing
postage, including items or matter placed upon, supported by, attached
to, hung from, or inserted into a mail receptacle. Any mailable matter
not bearing postage and found as described above is subject to the same
postage as would be paid if it were carried by mail.
I saw that email come through, briefly read it and then deleted it. I
assumed that it was a phishing email but surprisingly it didn't have a
link in it anywhere. I should have looked closely at the headers but
didn't bother to. Wish I still had it so I could see what the "reply to"
address was. Anyway, I still don't think that it came from ebay because
I did not have a similar message from them in my message box.
If someone still has the message take a close look at the headers, etc.
and report back.
On Sun, 25 May 2014 03:03:13 +0000 (UTC), Doug Miller
BTW, isnt' one of the big problems of hackers getting names and email
addresses that when they send out phishing email, they CAN include your
So that you're right the absence of a name is a telltale, but the
presence of one no longer is for places like Ebya, Target etc. etc. etc?
I looked at the warning on the Ebay homepage this morning.
It starts out
"On Wednesday, we announced that we are asking all eBay users to change
their password. This is because of a cyberattack that compromised our
eBay user database, which contained your encrypted password."
Funny thing about that. I haven't received an email about it yet.
There is nothing in my personal Ebay messages at their site either.
There are probably bunches of people with Ebay accounts who go months at
a time without looking at the Ebay site. I wonder how many of those
have been alerted somehow, someway.
I never received any email from them, either, and like you there is no
evidence that they ever sent one to me. I do check in at Ebay every few
days or so, so maybe they figured I already knew, which I did.
HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.