eBay wants to reassure you that it's your fault

24 May 2014 by Steve Blum

Meet our new chief security officer.

I’m still waiting for my email from eBay telling me I should change my password. I checked my spam folder – that’s where all the other emails that tell me to click here and enter my password end up. Not a peep from the peeps at eBay, though. Of course, they only got around to flagging that advice on their home page yesterday. In an understated, be-sure-to-floss-daily sort of way

We take security on eBay very seriously, and we want to ensure that you feel safe and secure buying and selling on eBay. So we think it’s the right thing to do to have you change your password. And we want to remind you that it’s a good idea to always use different passwords for different sites and accounts. If you used your eBay password on other sites, we are encouraging you to change those passwords, too.

They want you to change your passwords because it’s the right thing to do and a good idea. Not because eBay opened the gates of corporate liability hella database containing encrypted password and other non-financial data was compromised”. Just birth dates, physical and email addresses and telephone numbers. You know, the kind of information that those who don’t care as much about you as eBay use to verify your ID. Like credit card companies, gas stations, pharmacies and the cute cashier at REI who wants to know what to do with your annual dividend.

Last year’s mega-hack at Target, the Heartbleed bug earlier this year and eBay’s massive dump prove there’s opportunity for creative minds: memorable passwords and magnetic stripes are the mystic tiki amulets of cyberspace. It’s time to listen to new thinking.