EBAY – Still Can’t Reset Passwords
Ebay was hacked months ago. They hid the evidence, and the ICO are considering investigating them – for their handling of the security breach. The sheer volume of users identities and personal details stolen is unforgivable. They needed to come clean immediately. Right now they look and feel untrustworthy.
Customers are advised to “change their passwords”. Fine, except that 3 days after the announcement, Ebay’s password reset system can’t handle the volume. They had several months to reset passwords… you’d think they’d have planned for this moment.
What was stolen?
The other data included:
- email addresses
- physical addresses
- phone numbers
- dates of birth
And there are millions of customers who can’t reset their passwords. If the ICO and Europe ever needed to issue a multi millon dollar fine… THIS is the case, simply because Ebay attempted to suppress knowledge of the breach for MONTHS.
When millions are affected, there is no place to hide.
And to add insult to injury, users still can’t reset their passwords, 3 days later!!
I notice your advice to UK civilians:
‘Don’t hang about, change your password’ – Information Commissioner
However, I hope the ICO are also aware that UK civilians are NOT ABLE TO RESET THEIR PASSWORDS.
This is a second breach of trust. I hope your investigation covers this matter, as a rapid response from EBAY is needed, and their management of the issue, and their security procedures have failed… AGAIN.