

Ebay hacked - kull

Got this email yesterday:&lt;p&gt;---------&lt;p&gt;Important - eBay Password Reset Required&lt;p&gt;IMPORTANT: PASSWORD UPDATE&lt;p&gt;Dear eBay Member,&lt;p&gt;To help ensure customers&#x27; trust and security on eBay, I am asking all eBay users to change their passwords.&lt;p&gt;Here&#x27;s why: Recently, our company discovered a cyberattack on our corporate information network. This attack compromised a database containing eBay user passwords.&lt;p&gt;What&#x27;s important for you to know: We have no evidence that your financial information was accessed or compromised. And your password was encrypted.&lt;p&gt;What I ask of you:
Go to eBay and change your password. If you changed your password on May 21 or later, we do not need you to take any additional action at this time.&lt;p&gt;Changing your password may be inconvenient. I realize that. We are doing everything we can to protect your data and changing your password is an extra precautionary step, in addition to the other security measures we have in place.&lt;p&gt;If you have only visited eBay as a guest user, we do not have a password on file.&lt;p&gt;If you used the same eBay password on any other site, I encourage you to change your password on those sites too. And if you are a PayPal user, we have no evidence that this attack affected your PayPal account or any PayPal financial information, which is encrypted and stored on a separate secure network. .....
======
ColinWright
This seems to be old news - it first hit HN 11 days ago:

[https://hn.algolia.com/?q=ebay+hacked#!/story/sort_by_date/0...](https://hn.algolia.com/?q=ebay+hacked#!/story/sort_by_date/0/ebay%20hacked)

~~~
kull
I see. great they are letting us know about that just now.

~~~
ColinWright
Indeed. But there is a lesson here. If you run a service, just how quickly can
you email _everyone_ in you user base? I can imagine that eBay has a
logistical nightmare trying to deal with the hack, and having to email
everyone potentially with a different, personalized message.

If one of my services were to be similarly compromised, I'm not sure I'd have
an acceptable turn-around time.

Thinking about that ...

------
karangoeluw
I got this email just now.

