Hoax-Slayer

VALID - May 2014 eBay Password Reset Notification Email

Outline
Email from online auction company eBay asks you to change your account password due to a security breach.

Brief Analysis
The email is legitimate and you should indeed change your eBay password. eBay recently discovered that hackers had accessed their customer database, which holds encrypted passwords and other personal information. According to the company, there is no evidence that customer financial information was compromised. However, the company is asking users to change their passwords to 'help ensure the trust and security of all eBay customers'. While this email is valid and really is from eBay, watch for copycat scams that attempt to capitalize on news of the breach.


Example

Subject: Important - eBay Password Reset Required

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,
To help ensure customers' trust and security on eBay, I am asking all eBay users to change their passwords.
Here's why: Recently, our company discovered a cyberattack on our corporate information network. This attack compromised a database containing eBay user passwords.
What's important for you to know: We have no evidence that your financial information was accessed or compromised. And your password was encrypted.

Read full eBay Announcement



Detailed Analysis

eBay Password Reset Email is Legitimate:

If you are an eBay customer, you may have received an email asking you to change your account password. At first glance, the email may look suspect because phishing scammers often send out bogus 'account update' messages.

However, this email is legitimate and really is from eBay. The company is asking its users to change their passwords to 'help ensure the trust and security of all eBay customers.'


Significant eBay Security Breach:

In May 2014, eBay discovered that hackers had recently accessed its customer database. Given that the site has 233 million customers, this is a very significant security breach.

The compromised database holds encrypted passwords as well as other - unencrypted - personal information such as customer names, email and physical addresses, phone numbers, and dates of birth.

eBay states that it has 'no evidence that your financial information was accessed or compromised'. However, this rather vague assurance has done little to alleviate the concerns of users.

The possible implications for eBay's customers remain unclear. The unencrypted personal information accessed in the breach could be used in targeted phishing attacks or in identity theft attempts.

Heed the Advice in the eBay Notification:

Given the significance of this breach, you should certainly go to eBay and change your password as advised in the notification message. In fact, if you are an eBay customer, you would be wise to log in to your eBay account and change your password even if you have not yet received the notification email.

Beware of 'Copycat' Scams:

Scammers are usually quick to capitalize on news of such security breaches. Watch out for 'copycat' scam emails that pretend to be from eBay and ask you to update details by clicking a link or opening an attached file. If you receive such an email, do not click on any links or open any attachments that it contains.

Note that the genuine eBay notification does not ask you to click a link. Instead, it asks that you go to eBay in your usual way and log in to change your password.



Last updated: May 27, 2014
First published: May 27, 2014
By Brett M. Christensen


© Brett M.Christensen, 2014. All Rights Reserved.

