

EBay Inc. To Ask All eBay Users To Change Passwords - mpclark
https://www.paypal-community.com/t5/PayPal-Forward/eBay-Inc-To-Ask-All-eBay-Users-To-Change-Passwords/ba-p/815276

======
jcr
Since I never knew that "www.paypal-community.com" existed, I checked the
basics:

    
    
      $ nslookup www.paypal-community.com
      Server:         66.174.92.14
      Address:        66.174.92.14#53
    
      Non-authoritative answer:
      www.paypal-community.com        canonical name = ppl.lithium.com.
      Name:   ppl.lithium.com
      Address: 208.74.205.40
    
      $ whois paypal-community.com 
      Registrant Name: Host Master
      Registrant Organization: PayPal Inc.
      Registrant Street: 2211 North First Street
      Registrant City: San Jose
      Registrant State/Province: CA
      Registrant Postal Code: 95131
      Registrant Country: US
      Registrant Phone: +1.4083767400
      Registrant Phone Ext:
      Registrant Fax:
      Registrant Fax Ext:
      Registrant Email: hostmaster@ebay.com
    
      $ whois 208.74.205.40
      NetRange:       208.74.204.0 - 208.74.207.255
      CIDR:           208.74.204.0/22
      OriginAS:
      NetName:        LITHIUM-NET1
      NetHandle:      NET-208-74-204-0-1
      Parent:         NET-208-0-0-0-0
      NetType:        Direct Assignment
      RegDate:        2007-02-09
      Updated:        2012-02-24
      Ref:            http://whois.arin.net/rest/net/NET-208-74-204-0-1
      OrgName:        Lithium Technologies, Inc.
      OrgId:          LITHI
      Address:        225 Bush Street
      Address:        15th floor
      City:           San Francisco
      StateProv:      CA
      PostalCode:     94104
      Country:        US
      RegDate:        2007-01-04
      Updated:        2014-02-25
      Ref:            http://whois.arin.net/rest/org/LITHI
      ...
    

And of course:
[http://www.networking4all.com/en/support/tools/site+check/re...](http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=https%3A%2F%2Fwww.paypal-
community.com&protocol=https)

Many pages on paypal-community.com have a "Powered By Lithium" banner, so they
seem to be the folks who wrote the "community forum" software.

[http://www.lithium.com/](http://www.lithium.com/)

And they're mentioned in the paypal privacy policy:

[https://www.paypal.com/uk/webapps/mpp/ua/privacy-
full](https://www.paypal.com/uk/webapps/mpp/ua/privacy-full)

~~~
nodata
You can put anything you like in the WHOIS database.

~~~
jcr
Of course it's easy to forge whois data, but that's why you also check the IP
address, ASN, SSL Cert, ...

------
reuven
I got e-mail from eBay yesterday (Tuesday), saying that there had been
suspicious activity on my account, and that the account was locked, until I
changed the password. I haven't bought anything on eBay in a few years. The
message said that any charges that my account had incurred had been reversed.

It's probably a sign of the times that I was _sure_ that this was a phishing
message. I checked it a whole bunch of ways before deciding that yes, I should
change my eBay password. Even so, rather than click on a link in the e-mail
message, I went to ebay.com in my browser, and went through the procedure to
change my password.

I checked the activity log for my account, and it didn't show anything. So I'm
still not sure if this means my account was broken into or used.

If everyone is indeed being asked to change their passwords, then the message
I received was a bad way to say it.

------
mrobert
For those having trouble navigating Ebay's dashboards to find out how to
change the password, here's a link to the page that describes how to do that:

[http://pages.ebay.com/help/account/change-
password.html](http://pages.ebay.com/help/account/change-password.html)

And the direct link:

[https://signin.ebay.com/ws/eBayISAPI.dll?ChangePasswordAndCr...](https://signin.ebay.com/ws/eBayISAPI.dll?ChangePasswordAndCreateHint)

~~~
x1798DE
What is the point of ebay redirecting HTTPS versions of their site to an HTTP
version? They have an EV cert and everything for the login page. Is it spite?

------
mpclark
At the time of posting this to HN the body of the post said simply
"Placeholder text."

~~~
pling
Still says it. It's on the article index as well:

[https://www.paypal-community.com/t5/PayPal-
Forward/bg-p/PPFW...](https://www.paypal-community.com/t5/PayPal-
Forward/bg-p/PPFWD)

------
pling
Have changed my eBay password right away just in case this is something major.

However, the paypal password change screen is not responding and returning a
blank screen. Terrible!

~~~
coffeecheque
Me too. I've noticed that finding the "change password" option on eBay is
always really hard.

On PayPal, it's got really annoying Javascripts that stop you copying and
pasting passwords. I use a password manager, so all my passwords are random
and unique.

~~~
martinml
I edited the 'value' attribute of the input elements and pasted my password
there. Maximum of 20 chars also :\

------
_RPM
In case they fix it before the rest of HN wakes up[0].

[0] [http://i.imgur.com/O5jLGsm.png](http://i.imgur.com/O5jLGsm.png)

~~~
nwh
Full site archive: [http://archive.today/ZXNa8](http://archive.today/ZXNa8)

~~~
_RPM
You definitely one-upped me here.

------
mpclark
Now confirmed by a press release:

[http://www.businesswire.com/news/home/20140521005813/en/eBay...](http://www.businesswire.com/news/home/20140521005813/en/eBay-
To%C2%A0Ask-eBay-Users-Change-Passwords)

------
jmac-sjc
So, will the Board of Directors hold anyone accountable to ?millions? of
records being stolen (they have 128 million possible)? For now no CC info was
believed lost, but they likely don't have any way to know unless they see
fraudulent usage...

------
mihai_ionic
I just made a PayPal account just the other day.

Now I'm really glad that I used `makepasswd --chars 20`, even though I had to
paste the password into the input element's value with Inspect Element.

------
PaulHoule
If you make people change their password there is some chance people just
won't do it and won't ever use eBay again... Bye!

~~~
jeroen
The cost of fraudulent activity is probably much higher than the missed
revenue from those people.

~~~
PaulHoule
I dunno.

My wife quit using eBay when her Paypal account got locked out and she'd have
to send a fax to unlock it.

I quit using eBay because the auctions stopped and it wasn't possible to get
good deals anymore. The AMZN marketplace works better for most of what I buy
and if I want something funky there is always etsy.

This is just one more step in eBay's slow decline.

------
nodata
There is no information here at all. Flagged.

~~~
mpclark
That's just silly. The headline, the subject matter and the fact that it's on
a company domain all add up to plenty of information. The fact that it appears
to have been prematurely posted adds more interest.

~~~
nodata
It's speculation with no information at all. This isn't HN Rumors, and that
link doesn't even go to a tweet - it goes to a page full of no information.

~~~
mpclark
Again, it is a very clear message that impacts millions of people and is
hosted on a page belonging to the company. There may not be as much
information as you'd like, but there's nothing speculative about it.

~~~
nodata
It's an unclear message that impacts nobody until it is confirmed. Don't
fearmonger.

Edit: they've removed your temporary page now: "The message you are trying to
access is not available."

~~~
unreal37
They've posted it to their corporate site:

[http://www.ebayinc.com/in_the_news/story/ebay-inc-ask-
ebay-u...](http://www.ebayinc.com/in_the_news/story/ebay-inc-ask-ebay-users-
change-passwords)

~~~
nodata
Yeah, and now it becomes news.

