EBAY – Still Can’t Reset Passwords


eBay was hacked months ago.  They hid the evidence, and the ICO are considering investigating them – for their handling of the security breach.  The sheer volume of users’ identities and personal details stolen is unforgivable.  They needed to come clean immediately.  Right now they look and feel untrustworthy.

Customers are advised to “change their passwords”.  Fine, except that 3 days after the announcement, eBay’s password reset system can’t handle the volume.  They had several months to reset passwords… you’d think they’d have planned for this moment.

[Image: eBay password reset failure]

What was stolen?

The other data included:

  • email addresses
  • physical addresses
  • phone numbers
  • dates of birth


And there are millions of customers who can’t reset their passwords.  If the ICO and Europe ever needed to issue a multi-million dollar fine… THIS is the case, simply because eBay attempted to suppress knowledge of the breach for MONTHS.

When millions are affected, there is no place to hide.

And to add insult to injury, users still can’t reset their passwords, 3 days later!!


Dear ICO,

I notice your advice to UK civilians:

‘Don’t hang about, change your password’ – Information Commissioner

However, I hope the ICO are also aware that UK civilians are NOT ABLE TO RESET THEIR PASSWORDS.

This is a second breach of trust.  I hope your investigation covers this matter, as a rapid response from EBAY is needed, and their management of the issue, and their security procedures have failed… AGAIN.


  1. What really bothers me about these kinds of breaches is the lack of information they’ve released to the customers. Remember the RSA thing several years ago where the SecurID token thing was breached, but RSA refused to say what exactly was compromised? That withholding of information led to several defence contractors not knowing they were also hacked.

    In the absence of information, the customers should assume one thing – the worst.


  2. The situation is a disaster. They tell you to reset your passwords – when eBay’s infrastructure is in meltdown. Withholding of information regarding the breach was a betrayal, but this situation, 3 days later, is horrendous. I’m stunned by it.


  3. I reset mine on the strength of an article from you guys long before I got any indication from eBay that there was an issue and each time I log in now I still get their change your password advice, dumb asses. Anyway I did mine obviously before the floodgates opened and everyone hit the system at once.


    • I’d advise going further. Check your bank statements and change the passwords on anything associated with your eBay account, especially your email. If the attackers were in the system for weeks, they’re very good.


      • I will do that, time for a new set of security measures anyway!


