eBay Got Hacked – Now What?

Posted by Pete on May 21, 2014 in Passwords & Security

You should change your password on eBay. ASAP.


We changed ours. It was easy but necessary. Here’s why.

Earlier today, eBay announced:

eBay Inc. to Ask eBay Users to Change Passwords

People frequently ask us how a password manager helps protect them against a corporate breach like this.

It’s simple – as long as there are bad guys, there will be breaches. Just think of the recent attacks on Target, Hotmail, Adobe, and so on. (Bad guys are attracted to easy money, and cyber attacks are the 21st-century equivalent of 19th-century train robberies!)

When they do happen, you need to be ready, and a password manager is the best way to protect yourself.

Benefits of using a password manager:

  • you’re more likely to have a unique password for each of your accounts
  • you’re more likely to have a strong password for each of those accounts
  • you’ll have the confidence to make quick changes to your passwords using the password generator and encrypted storage

Because of this, a corporate breach affects only one of your accounts and that minimizes the risk to you when something bad does happen.

A bonus of using a password manager that isn’t mentioned often is that because you practice good password hygiene, the news of a breach is more likely to catch your attention.

When it comes to breaches, time is of the essence: the sooner you act to change a password the greater the chance that your account won’t be emptied.

In the press release on their corporate website ebayinc.com (rather than on the retail website ebay.com that everyone knows and visits), the company announced that their database was “compromised between late February and early March.”

From the release:

“The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today.” (our emphasis)

The release tells us that eBay will start getting people to change their passwords at a later date. That just seems strange to us.

Don’t wait for that email from eBay. Go change your password!

Use the following tips to keep it safe:

While eBay and other sites permit a minimum of 6 characters, good practice is at least 8 characters, and the general rule is the longer the better! Sticky Password’s password generator allows you to quickly and flexibly use even more secure settings.

For your reference, here are eBay’s rules on passwords:

Your password must be:

  • At least 6 characters
  • A combination of at least two of the following: uppercase or lower case letters (A-Z or a-z), numbers (0-9) and special characters (?_!@#) (example: Beatlesfan#28, $uperman1963)

Your password can’t be:

  • Similar to your email address or eBay user ID.
  • Common passwords or passwords with number or letter sequences (example: abc123)
  • Single words that can be found in the dictionary (example: kangaroo)

Other password tips:

  • Don’t use personal information that others can easily obtain or guess (example: your name, phone number, or birth date).
  • The longer and more complex your password is, the harder it will be to guess. Place numbers and punctuation randomly in your password.
  • Create a password that’s secure, but still easy for you to remember. To help you remember your password, consider using a phrase or song title as your password. For example, “Somewhere Over the Rainbow” can become “Sw0tR8nBo.”
  • After creating your password, protect it. Don’t share your password with others.
  • Don’t use the same password for your other online accounts, such as email, bank, and social networking accounts.
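A checker for the eBay rules quoted above, plus a generator that retries until a random candidate passes them. This is an added example, not code from eBay or Sticky Password. The word lists, the containment test for "similar" and the three-character test for "sequences" are assumptions made for illustration.

```python
import secrets
import string

# Constructed stand-ins: a real check would load a breached-password list and a dictionary.
COMMON = {"password", "abc123", "123456", "qwerty", "letmein"}
WORDS = {"kangaroo", "superman", "rainbow"}
ALPHABET = string.ascii_letters + string.digits + "?_!@#"  # specials named in the rules


def has_sequence(pw, run=3):
    """True if pw holds `run` ascending neighbours such as 'abc' or '123' (assumed meaning)."""
    s = pw.lower()
    return any(
        s[i:i + run].isalnum()
        and all(ord(s[i + j + 1]) - ord(s[i + j]) == 1 for j in range(run - 1))
        for i in range(len(s) - run + 1)
    )


def violations(pw, email, user_id):
    """Return the names of the quoted rules that pw breaks (empty list = acceptable)."""
    low = pw.lower()
    broken = []
    if len(pw) < 6:
        broken.append("length")
    classes = [any(c.isalpha() for c in pw), any(c.isdigit() for c in pw),
               any(not c.isalnum() for c in pw)]
    if sum(classes) < 2:
        broken.append("classes")
    # Assumption: "similar" means one string contains the other, ignoring case.
    idents = [user_id.lower(), email.split("@")[0].lower()]
    if any(i and (i in low or low in i) for i in idents):
        broken.append("similar")
    if low in COMMON or has_sequence(pw):
        broken.append("common_or_sequence")
    if low in WORDS:
        broken.append("dictionary")
    return broken


def generate(email, user_id, length=16):
    """Draw from the OS CSPRNG until the candidate passes every rule above."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not violations(pw, email, user_id):
            return pw
```

Both of eBay's own example passwords pass this checker, while "abc123" and "kangaroo" are rejected for the reasons the rules give.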

Important security note:

eBay will never ask you to provide your password by email. So beware of phishing emails.

To enjoy all the benefits of a password manager, grab Sticky Password now and start your good password practices today.