eBay warns of developer password-theft flaw
According to a warning from eBay's Kumar Kandaswamy, a vulnerability in the service allows malicious hackers to gain information to developer accounts. The company is strongly encouraging its user base to change passwords to the developer.ebay.com portal. The flaw does not affect ebay.com accounts.
eBay has recently identified a means by which someone could gain access to eBay Developers Program account information. This type of access DOES NOT allow the capture of financial or other sensitive information, such as credit card or bank account information or Social Security numbers. Fortunately, we have not detected any unusual activity with any Developer account.
Out of an abundance of caution and to help ensure the security of the eBay Developers Program, we are requiring that all developers take the following steps:
- Take advantage of our new, stricter password standards and change your eBay Developers Program (developer.ebay.com) passwords. It is not necessary to change eBay (www.ebay.com) passwords.
As a general rule, be sure to use strong passwords for all online or e-mail accounts. See this nifty Microsoft guidance on creating and using strong passwords.