It starts out :

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

To help ensure customers' trust and security on eBay, I am asking all
eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on our
corporate information network. This attack compromised a database containing
eBay user passwords.


Well , I changed my password a day or two ago , but it's nice that eBay is
closing the gate . Too bad it's after all the horses have escaped .
--
Snag

On Sat, 24 May 2014 17:37:04 -0500, "Terry Coombs"
wrote:

It starts out :

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

To help ensure customers' trust and security on eBay, I am asking all
eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on our
corporate information network. This attack compromised a database containing
eBay user passwords.


Well , I changed my password a day or two ago , but it's nice that eBay is
closing the gate . Too bad it's after all the horses have escaped .

I let those I know with Ebay about the breach.

Did your E-mail indicate who "I am" is? Some name linked with
authority....

On 5/24/2014 6:37 PM, Terry Coombs wrote:

Here's why: Recently, our company discovered a cyberattack on our
corporate information network. This attack compromised a database containing
eBay user passwords.


Well , I changed my password a day or two ago , but it's nice that eBay is
closing the gate . Too bad it's after all the horses have escaped .


Expect more to happen. If one human can encrypt it, another will
eventually unencrypt it. There is gold to be mined.

Oren wrote:
On Sat, 24 May 2014 17:37:04 -0500, "Terry Coombs"
wrote:

It starts out :

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

To help ensure customers' trust and security on eBay, I am
asking all eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on
our corporate information network. This attack compromised a
database containing eBay user passwords.


Well , I changed my password a day or two ago , but it's nice that
eBay is closing the gate . Too bad it's after all the horses have
escaped .

I let those I know with Ebay about the breach.

Did your E-mail indicate who "I am" is? Some name linked with
authority....

Signed by "Devin Wenig , President , eBay market place" . And , hey , it's
only 3 days after the MSM broke the story !
--
Snag

Ed Pawlowski wrote:
On 5/24/2014 6:37 PM, Terry Coombs wrote:

Here's why: Recently, our company discovered a cyberattack on
our corporate information network. This attack compromised a
database containing eBay user passwords.


Well , I changed my password a day or two ago , but it's nice
that eBay is closing the gate . Too bad it's after all the horses
have escaped .

Expect more to happen. If one human can encrypt it, another will
eventually unencrypt it. There is gold to be mined.

Yeah , well let's hope it ain't MY gold , I barely have enough to meet my
own needs .

--
Snag

On 5/24/2014 5:51 PM, Oren wrote:
On Sat, 24 May 2014 17:37:04 -0500, "Terry Coombs"
wrote:

It starts out :

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

To help ensure customers' trust and security on eBay, I am asking all
eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on our
corporate information network. This attack compromised a database containing
eBay user passwords.


Well , I changed my password a day or two ago , but it's nice that eBay is
closing the gate . Too bad it's after all the horses have escaped .

I let those I know with Ebay about the breach.

Did your E-mail indicate who "I am" is? Some name linked with
authority....


Got the same email within the last hour. Nice that they are Johnny on
the Spot. Signed off on by Devin Wenig
President, eBay Marketplaces.

Seems to me the FIRST thing these morons should have done was send this
letter out rather than engaging in damage control with the media.

I don't blame or fault them - simply not enough evidence on the how and
why this breach occurred - but I can damn them to hell for the f**ked up
way they handled it after the discovery.

Nasty response directed to good old, Devin to follow.

On 5/24/2014 5:37 PM, Terry Coombs wrote:
It starts out :

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

To help ensure customers' trust and security on eBay, I am asking all
eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on our
corporate information network. This attack compromised a database containing
eBay user passwords.


Well , I changed my password a day or two ago , but it's nice that eBay is
closing the gate . Too bad it's after all the horses have escaped .

Here's my response:


Mr. Wenig,

If you truly gave a damn about your customers' trust and security, the
very FIRST thing you would have done was send this email to us.
Instead, we get it 48 hours AFTER the media is talking about and
analyzing it.

I heard about it around 6:00AM on May 22nd (no thanks to eBay) and when
I went to the website there was nothing mentioned. When I logged in and
checked my eBay messages there was no mention of it. Apparently I could
have found an auction for a 18K solid gold Siamese cat with one testicle
with a "Buy it Now" price of $12.76 and free shipping.

It was not until I went to change my password of my own volition that I
received a popup telling me that was a good thing to do. Well, DOH!

Other said that there was a pop up on the main page when the went to the
site at about the same time as others, and yet, others complained - as I
did - that there was absolutely nothing on the site.

I tried several times early Thursday morning to find that elusive
warning popup without success. I even rebooted the computer one and
tried accessing the site with BOTH Firefox and IE. It was not until I
logged on about 12 hours later that the popup appeared on the main page
when I browsed to your site.

I understand that you can only do so much to prevent this sort of
nonsense and, I applaud your company for its success in preventing this
crap in the past. I don't fault you for this breach as I simply don't
have enough facts in hand to judge whether eBay bears any responsibility
or negligence in the matter.

I do know and I strongly suspect that I'm in the majority... Your
users/customers are concerned about the slip shod manner in which you
addressed this issue.

This might be an interesting topic for the annual stockholders meeting.
I and my friends don't own enough shares in EBAY to cause a blip in
the daily trades even if they were carrying the percentages out to 125
places to the right of the decimal point so a threat to sell off would
be meaningless, but... It only takes a single share to have standing
to raise hell over this cluster...


"Nasty letter to follow"g

"Terry Coombs" wrote in news:la9gv.2400049$116.1180712
@fx21.iad:

It starts out :

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

Probably a phishing email, since it didn't address you by name.

To help ensure customers' trust and security on eBay, I am asking all
eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on our
corporate information network. This attack compromised a database containing
eBay user passwords.


Well , I changed my password a day or two ago , but it's nice that eBay is
closing the gate . Too bad it's after all the horses have escaped .

If you changed your password by clicking on a link in that email, I think you'd better change
it again, RIGHT NOW -- but this time, go to eBay's web site to do it.

On 5/24/2014 10:03 PM, Doug Miller wrote:
"Terry Coombs" wrote in news:la9gv.2400049$116.1180712


Well , I changed my password a day or two ago , but it's nice that eBay is
closing the gate . Too bad it's after all the horses have escaped .

If you changed your password by clicking on a link in that email, I think you'd better change
it again, RIGHT NOW -- but this time, go to eBay's web site to do it.



No worries. No link was provided in the email from eBay

Doug Miller wrote:
"Terry Coombs" wrote in
news:la9gv.2400049$116.1180712 @fx21.iad:

It starts out :

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

Probably a phishing email, since it didn't address you by name.

To help ensure customers' trust and security on eBay, I am
asking all eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on
our corporate information network. This attack compromised a
database containing eBay user passwords.


Well , I changed my password a day or two ago , but it's nice that
eBay is closing the gate . Too bad it's after all the horses have
escaped .

If you changed your password by clicking on a link in that email, I
think you'd better change it again, RIGHT NOW -- but this time, go to
eBay's web site to do it.

Nope , I ,stupid as I am, know better than to click on a link in an email .
I went to my ebay account and changed it . No redirects , no spoofed url's ,
just straight to ebay .

--
Snag

On 5/24/2014 9:02 PM, micky wrote:


I have a slot in the front door (It came with the house) so that I don't
have to cancel my mail when I go out of town. Fedex comes with an
overnight letter from my bank and leaves it on the stoop, tilted towards
the street, so anyone can see that it's there and take it. Especially
a little kid might like the bright red, white, and blue envelope. I
talked to four people at fedex and none will tell me if fedex has a
policy about mail slots. One said that each city gets to make its own
policies. Really? So they have no national policies? They can have a
different city policy that permits opening and reading what's inside?


They are allowed to use the slot, but not a box.
http://pe.usps.gov/text/dmm/d041.htm

1.1Authorized Depository

Except as excluded by 1.2, every letterbox or other receptacle intended
or used for the receipt or delivery of mail on any city delivery route,
rural delivery route, highway contract route, or other mail route is
designated an authorized depository for mail within the meaning of 18
USC 1702, 1705, 1708, and 1725.

1.2Exclusions

Door slots and nonlockable bins or troughs used with apartment house
mailboxes are not letterboxes within the meaning of 18 USC 1725 and are
not private mail receptacles for the standards for mailable matter not
bearing postage found in or on private mail receptacles. The post or
other support is not part of the receptacle.

1.3Use for Mail

Except under 2.11, the receptacles described in 1.1 may be used only for
matter bearing postage. Other than as permitted by 2.10 or 2.11, no part
of a mail receptacle may be used to deliver any matter not bearing
postage, including items or matter placed upon, supported by, attached
to, hung from, or inserted into a mail receptacle. Any mailable matter
not bearing postage and found as described above is subject to the same
postage as would be paid if it were carried by mail.

On 5/24/2014 10:03 PM, Doug Miller wrote:
"Terry Coombs" wrote in news:la9gv.2400049$116.1180712
@fx21.iad:

It starts out :

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

Probably a phishing email, since it didn't address you by name.

I saw that email come through, briefly read it and then deleted it. I
assumed that it was a phishing email but surprisingly it didn't have a
link in it anywhere. I should have looked closely at the headers but
didn't bother to. Wish I still had it so I could see what the "reply to"
address was. Anyway, I still don't think that it came from ebay because
I did not have a similar message from them in my message box.

If someone still has the message take a close look at the headers, etc.
and report back.

On Sat, 24 May 2014 23:32:23 -0400, Ed Pawlowski wrote:

On 5/24/2014 9:02 PM, micky wrote:


I have a slot in the front door (It came with the house) so that I don't
have to cancel my mail when I go out of town. Fedex comes with an
overnight letter from my bank and leaves it on the stoop, tilted towards
the street, so anyone can see that it's there and take it. Especially
a little kid might like the bright red, white, and blue envelope. I
talked to four people at fedex and none will tell me if fedex has a
policy about mail slots. One said that each city gets to make its own
policies. Really? So they have no national policies? They can have a
different city policy that permits opening and reading what's inside?


They are allowed to use the slot, but not a box.
http://pe.usps.gov/text/dmm/d041.htm
1.1Authorized Depository

Except as excluded by 1.2, every letterbox or other receptacle intended
or used for the receipt or delivery of mail on any city delivery route,
rural delivery route, highway contract route, or other mail route is
designated an authorized depository for mail within the meaning of 18
USC 1702, 1705, 1708, and 1725.

1.2Exclusions

Door slots and nonlockable bins or troughs used with apartment house
mailboxes are not letterboxes within the meaning of 18 USC 1725 and are
not private mail receptacles for the standards for mailable matter not
bearing postage found in or on private mail receptacles. The post or
other support is not part of the receptacle.

1.3Use for Mail

Except under 2.11, the receptacles described in 1.1 may be used only for
matter bearing postage. Other than as permitted by 2.10 or 2.11, no part
of a mail receptacle may be used to deliver any matter not bearing
postage, including items or matter placed upon, supported by, attached
to, hung from, or inserted into a mail receptacle. Any mailable matter
not bearing postage and found as described above is subject to the same
postage as would be paid if it were carried by mail.

Thanks. You know. I know. Why doesn't fedex know?

On Sun, 25 May 2014 03:03:13 +0000 (UTC), Doug Miller
wrote:

"Terry Coombs" wrote in news:la9gv.2400049$116.1180712
:

It starts out :

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

Probably a phishing email, since it didn't address you by name.

BTW, isnt' one of the big problems of hackers getting names and email
addresses that when they send out phishing email, they CAN include your
actual name?

So that you're right the absence of a name is a telltale, but the
presence of one no longer is for places like Ebya, Target etc. etc. etc?


To help ensure customers' trust and security on eBay, I am asking all
eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on our
corporate information network. This attack compromised a database containing
eBay user passwords.


Well , I changed my password a day or two ago , but it's nice that eBay is
closing the gate . Too bad it's after all the horses have escaped .

If you changed your password by clicking on a link in that email, I think you'd better change
it again, RIGHT NOW -- but this time, go to eBay's web site to do it.

Right.

"Terry Coombs" wrote in message
...
It starts out :

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

To help ensure customers' trust and security on eBay, I am asking all
eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on our
corporate information network. This attack compromised a database
containing eBay user passwords.


Well , I changed my password a day or two ago , but it's nice that eBay
is closing the gate . Too bad it's after all the horses have escaped .
--
Snag

I know that happened but I got no such Email.

IGot2P wrote:
On 5/24/2014 10:03 PM, Doug Miller wrote:
"Terry Coombs" wrote in
news:la9gv.2400049$116.1180712 @fx21.iad:

It starts out :

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

Probably a phishing email, since it didn't address you by name.

I saw that email come through, briefly read it and then deleted it. I
assumed that it was a phishing email but surprisingly it didn't have a
link in it anywhere. I should have looked closely at the headers but
didn't bother to. Wish I still had it so I could see what the "reply
to" address was. Anyway, I still don't think that it came from ebay
because I did not have a similar message from them in my message box.

If someone still has the message take a close look at the headers,
etc. and report back.

Here ya go :


Return-path:
Envelope-to:
Received: from emailsecurity.infodash.com ([216.134.224.205])
by mail1.ytc.net with esmtp (Exim 4.80.1)
(envelope-from )
id 1WoKJ6-0005HK-Nz
for ; Sat, 24 May 2014 17:20:48 -0500
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result:
ArkhACsagVNbwvinhmdsb2JhbAAVLBQDAwqBXwZQgReDPwOnYI 97AYdaARFSFg4BAQEKCQsHFiiCLwwBAQERDg8DAQICCQgSDwEE AUEDEgICdR2HQWMBCI8jjyEBAYgGAYEvAYc9gmMBAXaDQUp6Ak UQgRCYIAIChU4BBotDAYEDgSkRAWEBBQEFAoIcDxcbEoE5iB6I NopglSQrEC8BgQmBMg
X-IPAS-Result:
ArkhACsagVNbwvinhmdsb2JhbAAVLBQDAwqBXwZQgReDPwOnYI 97AYdaARFSFg4BAQEKCQsHFiiCLwwBAQERDg8DAQICCQgSDwEE AUEDEgICdR2HQWMBCI8jjyEBAYgGAYEvAYc9gmMBAXaDQUp6Ak UQgRCYIAIChU4BBotDAYEDgSkRAWEBBQEFAoIcDxcbEoE5iB6I NopglSQrEC8BgQmBMg
X-IronPort-AV: E=Sophos;i="4.98,903,1392184800";
d="scan'208,217";a="109910977"
Received: from e3uspmta167.emarsys.net ([91.194.248.167])
by emailsecurity.infodash.com with ESMTP; 24 May 2014 17:20:49 -0500
DKIM-Signatu v=1; a=rsa-sha1; c=relaxed/relaxed; s=emarsys2007;
d=reply1.ebay.com;
h=List-Unsubscribe:List-Id:MIME-Version:To:From:Subject:Content-Type:Message-IDME-Version: 1.0-- Snag

On 5/24/14 5:37 PM, Terry Coombs wrote:
It starts out :

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

To help ensure customers' trust and security on eBay, I am asking all
eBay users to change their passwords.

Here's why: Recently, our company discovered a cyberattack on our
corporate information network. This attack compromised a database containing
eBay user passwords.


Well , I changed my password a day or two ago , but it's nice that eBay is
closing the gate . Too bad it's after all the horses have escaped .

I looked at the warning on the Ebay homepage this morning.
It starts out

"On Wednesday, we announced that we are asking all eBay users to change
their password. This is because of a cyberattack that compromised our
eBay user database, which contained your encrypted password."

Funny thing about that. I haven't received an email about it yet.
There is nothing in my personal Ebay messages at their site either.
There are probably bunches of people with Ebay accounts who go months at
a time without looking at the Ebay site. I wonder how many of those
have been alerted somehow, someway.

On 25 May 2014, Dean Hoffman " wrote
in alt.home.repair:

Funny thing about that. I haven't received an email about it yet.
There is nothing in my personal Ebay messages at their site
either. There are probably bunches of people with Ebay accounts
who go months at a time without looking at the Ebay site. I
wonder how many of those have been alerted somehow, someway.

I never received any email from them, either, and like you there is no
evidence that they ever sent one to me. I do check in at Ebay every few
days or so, so maybe they figured I already knew, which I did.

Nil wrote:
On 25 May 2014, Dean Hoffman " wrote
in alt.home.repair:

Funny thing about that. I haven't received an email about it yet.
There is nothing in my personal Ebay messages at their site
either. There are probably bunches of people with Ebay accounts
who go months at a time without looking at the Ebay site. I
wonder how many of those have been alerted somehow, someway.

I never received any email from them, either, and like you there is no
evidence that they ever sent one to me. I do check in at Ebay every
few days or so, so maybe they figured I already knew, which I did.

Probably not , I got this email a couple of days after I changed my pwd .

--
Snag

On 5/24/2014 5:37 PM, Terry Coombs wrote:
It starts out :

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

That right there makes me suspicious. The general rule is that if a
company with which you have a business relationship is contacting you,
they will use your name in the contact. Because, after all, they have
that information.

But scammers do not. Scammers send out a mass phishing email to
thousands if not millions of email addresses. They don't address their
potential victims by name because they don't have that information -
but by masquerading as a legitimate business contact, they're hoping
you'll hit their link and obligingly provide them with the information
they're seeking.

Maybe the email is legit, but I would treat it with caution.

On 5/27/2014 8:22 AM, Moe DeLoughan wrote:
On 5/24/2014 5:37 PM, Terry Coombs wrote:
It starts out :

IMPORTANT: PASSWORD UPDATE

Dear eBay Member,

That right there makes me suspicious. The general rule is that if a
company with which you have a business relationship is contacting you,
they will use your name in the contact. Because, after all, they have
that information.

But scammers do not. Scammers send out a mass phishing email to
thousands if not millions of email addresses. They don't address their
potential victims by name because they don't have that information - but
by masquerading as a legitimate business contact, they're hoping you'll
hit their link and obligingly provide them with the information they're
seeking.

Maybe the email is legit, but I would treat it with caution.


As would I, BUT...

As I observed, and as others have pointed out, the email DID have my
Ebay User name within the body, it was sent to my registered Ebay
address and NOWHERE in the email was there a link to click on to change
my password. Thus, it was about as dangerous as reading a warning
posted on Kim Komando's site or posts that there is a problem.

If you NEVER click on a link contained in this sort of email and merely
read the warning and take appropriate action by independently going to
the site and doing your thing, you'll have little, if anything, to worry
about.

What slays me is an otherwise well designed phishing email that, when
you roll over the link, you'll see that it's something like:

....foxynuts.ru yet it purports to be an official email from either the
IRS or US Postal Service. Always good for chuckle before launching it
into the junk mail folder.