[outages] eBay password changes -- were they attacked?
Nick Pron
Nick.Pron at xbase.com
Tue Apr 5 12:22:45 EDT 2016
Not necessarily. If you use the forgot password and your password returns in clear text - then yes the database is likely either a weak salt, some sort of reversible encryption or plain text.
Chances are they just noticed the DB was copied and as a precaution reset everyones passwords.
-----Original Message-----
From: Outages [mailto:outages-bounces at outages.org] On Behalf Of Joey Kelly via Outages
Sent: Tuesday, April 5, 2016 12:19 PM
To: outages at outages.org
Subject: Re: [outages] eBay password changes -- were they attacked?
On 04/05/2016 10:51 AM, DJ Anderson via Outages wrote:
> I got one of those a few weeks ago.
>
> When I inquired about it I was told that the password I was using was found on some leaked password list and due to that they had set a temporary password to protect my account.
>
> -DJ
Does that not imply they are not using salted hashes, but storing the passwords in plaintext? Or maybe they're intercepting the passwords and testing them against a dictionary? I might be OK with the latter, maybe (but who appointed them to be the world's password police?)
--Joey Kelly
<snip>
--
Joey Kelly
Minister of the Gospel and Linux Consultant http://joeykelly.net
504-239-6550
_______________________________________________
Outages mailing list
Outages at outages.org
https://puck.nether.net/mailman/listinfo/outages
More information about the Outages
mailing list