Not necessarily. If you use the forgot password and your password returns in clear text - then yes the database is likely either a weak salt, some sort of reversible encryption or plain text. Chances are they just noticed the DB was copied and as a precaution reset everyones passwords. -----Original Message----- From: Outages [mailto:outages-bounces@outages.org] On Behalf Of Joey Kelly via Outages Sent: Tuesday, April 5, 2016 12:19 PM To: outages@outages.org Subject: Re: [outages] eBay password changes -- were they attacked? On 04/05/2016 10:51 AM, DJ Anderson via Outages wrote:
I got one of those a few weeks ago.
When I inquired about it I was told that the password I was using was found on some leaked password list and due to that they had set a temporary password to protect my account.
-DJ
Does that not imply they are not using salted hashes, but storing the passwords in plaintext? Or maybe they're intercepting the passwords and testing them against a dictionary? I might be OK with the latter, maybe (but who appointed them to be the world's password police?) --Joey Kelly <snip> -- Joey Kelly Minister of the Gospel and Linux Consultant http://joeykelly.net 504-239-6550 _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages