Yesterday, at 5:32pm UK time, I received an email from eBay, telling me that I should consider changing my password because they had suffered a security breach.
This wasn’t news to me (and I suspect not you either).
After all, on Wednesday last week (at 12:22pm) I posted a story asking “Should you change your eBay password?”, after I saw a strange message appear on PayPal’s press website:
eBay scrabbled to remove the “placeholder text” announcement which clearly wasn’t ready for public distribution, replacing it a few hours later with an official announcement.
For the record, I posted on my website that people should consider changing their eBay passwords a full 5 days, 5 hours, and 10 minutes before eBay emailed me.
I think that’s a pretty shameful response by eBay.
And I hear lots of eBay users still haven’t received any notification from the company that there has been a security breach, and that their personal information has been exposed.
Even if you have received the email from eBay it doesn’t bother to tell you *how* to change your password. So, here’s my simple guide:
How to change your eBay password
- Log into your eBay account
- Click on your name in the top left corner, and select Account Settings
- Now click “Personal Information”. You should see an option to “edit” your password.
- You will make sure you’re not using the same password anywhere else, won’t you? Good.
Remember, of course, to make sure that you are not re-using passwords on different websites.
If you do make the mistake of reusing passwords, you are running the risk of having your password compromised in one place (perhaps via a phishing attack, key logger or a hack like the one against eBay) and then criminals could use it to unlock your other online accounts.
If you find passwords a burden – simply use password management software like Bitwarden, 1Password, and KeePass to make them both safer and easier to remember.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
6 comments on “It took eBay a *long* time to tell me to change my password”
Still not received any emails from eBay for a number of different accounts either and while it probably takes a while to send that many emails out to all their users it is extremely poor of eBay to have taken as long as it did to even start sending them and they should be doing everything they can to speed the process up. Luckily we are subscribed to your newsletter / site emails and changed all of our passwords for our accounts within a few minutes of you posting your initial warning and had also warned all of our users as well
Well well, apart from that VERY slow response from eBay as to resetting one's account password…. eBay is even messing up BIG TIME now: cross scripting, cookie injections just by visiting one of the eBay items from a hacker…
Read here: http://www.arnnet.com.au/article/546057/ebay_flaw_could_used_hijack_accounts_researcher_says/
Yes, the boy is just 19 years old, but eBay can't get its act together.
Still not received any emails from eBay (or PayPal) – not even spoof / spam ones!
I only just received my official email yesterday at 9:53 if hadn't been for my trusted daily security feeds would of been a lot lot longer
Not to mention the fact it took me 3 days to get ebay to even except a new password because certain characters like !] ) – aren't excepted which was not made clear at all..
Well, given that the breach took place in February I don't see that an extra few days makes much difference either way.
I'm more concerned about my unencrypted personal details getting loose anyway.
Finally – I get the long anticipated e-mail notification from eBay that they have been hacked and that I should change my password – 11 days after they first reported it on their blog. What’s with those guys’ e-mail system, 11 days to tell us here in the UK? Fortunately I changed my password a while ago.