For those of you who didn't already hear, eBay got hacked the other day... well... not actually the other day, but in February. But they elected to do the decent thing and actually tell all of their affected customers about it as soon as they found out about it. Well, actually, they found out about it two weeks ago, and only just made a press announcement about it yesterday, once they found out that the State of North Dakota has a law in place that would compel them not to hide this information, whwich is apparently what they would have preferred to do... sweep it all under the rug, and decency be damned. And, actually, as far as I know they still haven't even directly told any of their affecetd customers... welll... not me anyway. They did have the courtesy to tell the press about it, knowing, as they surely did, that they (the press) would find out about it eventually anyway.
eBay is now encouraging all of their customers to change their passwords, which I dutifully did yesterday. After that, eBay sent me the following message, the last bit of which is rather entirely puzzling: =========================================================================== ----------------------------------------------------------------- eBay Change Password Confirmation ----------------------------------------------------------------- Dear Ron, This is a courtesy message to let you know that your eBay password has been successfully changed. No response is needed. If you did not make this change, please contact us at http://ocs.ebay.com/ws/eBayISAPI.dll?[REDACTED] and sign in as a guest. The password change request was made from: - IP address: 69.62.255.118 - ISP host: 10.2.98.245 =========================================================================== So, I mean, WTF? 69.62.255.118 is indeed my correct static IP address, and is indeed the place from whence I changed my password yesterday. I really do wonder where the bleep they got 10.2.98.245 from. Obviously, that's an RFC1918 address. I do suspect that that IP address has a lot more to do with them, and with the geography of their own internal network than it has to do with _my_ ISP. Regards, rfg P.S. Before I was allowed to change my password, I first had to confirm, just via the web site, that my e-mail address was correct. The text on the eBay was site said that this was needed so that they could confirm my password change via e-mail. I changed the password via the web site and _never_ received any sort of e-mail message asking me to confirm that change. I offer the observation that in the online world, there seems to be a lot that separates good intentions from actual competence. _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
