It’s all very curious.
A post has appeared on PayPal’s community site and press website claiming that eBay is going to ask all eBay users to change their passwords.
eBay Inc. To Ask All eBay Users To Change Passwords
place holder text.
If you click on the link you get taken to this:
PayPal, you will recall, is owned by eBay. It seems, therefore, somewhat unlikely that they would be pulling the leg of eBay users.
And yet, the message is clearly incomplete.
I see a few possible explanations until PayPal or eBay tells us what is going on:
- Some mischief-maker has managed to access PayPal’s blog and post a bogus headline. That wouldn’t be good news.
- There’s been an internal screw-up at PayPal, and someone has accidentally published a blog post (perhaps prepared during a crisis management exercise) claiming that all eBay passwords need to be reset. That wouldn’t be good news, but not as bad as an unauthorised party gaining access to the PayPal blog… or indeed as bad as a security breach
- PayPal has identified, or been responsibly informed of, a security issue that requires users to change their passwords as a precaution. That wouldn’t be good, but better than some scenarios.
- PayPal has had a security breach and is going to ask all of its users to change their passwords. Their announcement has been published a little before schedule, before they’d finished writing it. That wouldn’t be good.
I don’t know which scenario is true. But I just changed my eBay password.
You may wish to do the same.
Via Engadget.
Update: The mystery post has now disappeared from PayPal’s website. It will be interesting to see if they make any further comment.
Later update: Oh dear. eBay has now confirmed it has suffered a security breach.
What do you think is happening? Leave your opinion below while we wait to hear official word from eBay/PayPal
My bank phoned me this to check that I was the person who used my PayPal account 5 times yesterday
By radically changing a password before an official release is good, although that would also hint at another possibility:
* Through whatever new security measures eBay are going through, or worse still, an ongoing attack, prematurely changing one's password may not be preventative, as you may be asked to do it again once the correct action has been taken.