It took eBay a *long* time to tell me to change my password


Yesterday, at 5:32pm UK time, I received an email from eBay, telling me that I should consider changing my password because they had suffered a security breach.

Email from eBay

This wasn’t news to me (and I suspect not you either).

After all, on Wednesday last week (at 12:22pm) I posted a story asking “Should you change your eBay password?”, after I saw a strange message appear on PayPal’s press website:

eBay asks you to change your passwords?

eBay scrabbled to remove the “placeholder text” announcement which clearly wasn’t ready for public distribution, replacing it a few hours later with an official announcement.

For the record, I posted on my website that people should consider changing their eBay passwords a full 5 days, 5 hours, and 10 minutes before eBay emailed me.

I think that’s a pretty shameful response by eBay.

And I hear lots of eBay users still haven’t received any notification from the company that there has been a security breach, and that their personal information has been exposed.

Even if you have received the email from eBay it doesn’t bother to tell you *how* to change your password. So, here’s my simple guide:

How to change your eBay password

  • Log into your eBay account
  • Click on your name in the top left corner, and select Account Settings
  • Now click “Personal Information”. You should see an option to “edit” your password.
  • You will make sure you’re not using the same password anywhere else, won’t you? Good.

Remember, of course, to make sure that you are not re-using passwords on different websites.

If you do make the mistake of reusing passwords, you are running the risk of having your password compromised in one place (perhaps via a phishing attack, key logger or a hack like the one against eBay) and then criminals could use it to unlock your other online accounts.

If you find passwords a burden - simply use password management software like Bitwarden, 1Password, and KeePass to make them both safer and easier to remember.

Tags: , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , ,

6 Responses

  1. Havenswift Hosting

    May 27, 2014 at 12:18 pm #

    Still not received any emails from eBay for a number of different accounts either and while it probably takes a while to send that many emails out to all their users it is extremely poor of eBay to have taken as long as it did to even start sending them and they should be doing everything they can to speed the process up. Luckily we are subscribed to your newsletter / site emails and changed all of our passwords for our accounts within a few minutes of you posting your initial warning and had also warned all of our users as well

  2. Eeeeeeeksbay

    May 27, 2014 at 12:44 pm #

    Well well, apart from that VERY slow response from eBay as to resetting one’s account password.… eBay is even messing up BIG TIME now: cross scripting, cookie injections just by visiting one of the eBay items from a hacker…


    Read here:

    Yes, the boy is just 19 years old, but eBay can’t get its act together.
    “Eeeeeeeksbay” !

  3. Keith Appleyard

    May 27, 2014 at 1:10 pm #

    Still not received any emails from eBay (or PayPal) - not even spoof / spam ones!

  4. J uk

    May 27, 2014 at 1:37 pm #

    I only just received my official email yesterday at 9:53 if hadn’t been for my trusted daily security feeds would of been a lot lot longer

    Not to mention the fact it took me 3 days to get ebay to even except a new password because certain characters like !] ) - aren’t excepted which was not made clear at all..

  5. Philip

    May 27, 2014 at 6:28 pm #

    Well, given that the breach took place in February I don’t see that an extra few days makes much difference either way.
    I’m more concerned about my unencrypted personal details getting loose anyway.

  6. Keith Appleyard

    June 1, 2014 at 10:31 pm #

    Finally – I get the long anticipated e-mail notification from eBay that they have been hacked and that I should change my password – 11 days after they first reported it on their blog. What’s with those guys’ e-mail system, 11 days to tell us here in the UK? Fortunately I changed my password a while ago.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.