Should you change your eBay password?

Update: Since this story was written, eBay has confirmed that it has suffered a security breach, and that users should change their passwords. Read more here.

It’s all very curious.

A post has appeared on PayPal’s community site and press website claiming that eBay is going to ask all eBay users to change their passwords.

eBay asks you to change your passwords?

eBay Inc. To Ask All eBay Users To Change Passwords

place holder text.

If you click on the link you get taken to this:

eBay password notice?

PayPal, you will recall, is owned by eBay. It seems, therefore, somewhat unlikely that they would be pulling the leg of eBay users.

And yet, the message is clearly incomplete.

I see a few possible explanations until PayPal or eBay tells us what is going on:

  1. Some mischief-maker has managed to access PayPal’s blog and post a bogus headline. That wouldn’t be good news.
  2. There’s been an internal screw-up at PayPal, and someone has accidentally published a blog post (perhaps prepared during a crisis management exercise) claiming that all eBay passwords need to be reset. That wouldn’t be good news, but not as bad as an unauthorised party gaining access to the PayPal blog… or indeed as bad as a security breach
  3. PayPal has identified, or been responsibly informed of, a security issue that requires users to change their passwords as a precaution. That wouldn’t be good, but better than some scenarios.
  4. PayPal has had a security breach and is going to ask all of its users to change their passwords. Their announcement has been published a little before schedule, before they’d finished writing it. That wouldn’t be good.

I don’t know which scenario is true. But I just changed my eBay password.

You may wish to do the same.

Via Engadget.

Update: The mystery post has now disappeared from PayPal’s website. It will be interesting to see if they make any further comment.

Later update: Oh dear. eBay has now confirmed it has suffered a security breach.

What do you think is happening? Leave your opinion below while we wait to hear official word from eBay/PayPal

Tags: , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, ,

2 Responses

  1. eric rush

    May 21, 2014 at 2:08 pm #

    My bank phoned me this to check that I was the person who used my PayPal account 5 times yesterday

  2. Colm

    May 21, 2014 at 2:11 pm #

    By radically changing a password before an official release is good, although that would also hint at another possibility:

    * Through whatever new security measures eBay are going through, or worse still, an ongoing attack, prematurely changing one’s password may not be preventative, as you may be asked to do it again once the correct action has been taken.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.