EcommerceBytes brought this news to our attention yesterday, pointing to a blog post from Etsy that puts at least some blame for the spam on recent prominent user info breaches, explaining that a breach at one site puts others at risk because people are lazy. “Whenever this happens, it can put accounts on other websites that have not been attacked at risk, especially if the same login information has been used across multiple websites,” the company’s VP of Technical Operations blogged.
Not so fast, eBay says: the baddies got customer data by breaking in with employee credentials, but not passwords. Customer passwords are encrypted and an employee couldn’t see them. An eBay representative told EcommerceBytes that everything is just fine on their end.
“We see no evidence at all of fraud activity and there are normal levels of buying and selling on our site,” the eBay rep wrote. No unusually rampant message-spamming or account-hijacking over at eBay.
Of course, all of this finger-pointing just brings one important issue to the spotlight: you should devise strong and varied passwords for each different sites that you use.
eBay Pushes Back on Etsy Hack Claims [EcommerceBytes]