Trivia: Puzzling eBay response (IP

Ronald F. Guilmette rfg at
Thu May 22 20:04:26 UTC 2014

For those of you who didn't already hear, eBay got hacked the other
day... well... not actually the other day, but in February.  But
they elected to do the decent thing and actually tell all of their
affected customers about it as soon as they found out about it.
Well, actually, they found out about it two weeks ago, and only
just made a press announcement about it yesterday, once they found
out that the State of North Dakota has a law in place that would
compel them not to hide this information, whwich is apparently what
they would have preferred to do... sweep it all under the rug, and
decency be damned.  And, actually, as far as I know they still haven't
even directly told any of their affecetd customers...  welll... not
me anyway.  They did have the courtesy to tell the press about it,
knowing, as they surely did, that they (the press) would find out
about it eventually anyway.

eBay is now encouraging all of their customers to change their
passwords, which I dutifully did yesterday.

After that, eBay sent me the following message, the last bit of which
is rather entirely puzzling:

eBay Change Password Confirmation

Dear Ron,

This is a courtesy message to let you know that your eBay password has been
successfully changed. No response is needed.

If you did not make this change, please contact us at[REDACTED] and sign in as a guest.

The password change request was made from:
- IP address:
- ISP host: 

So, I mean, WTF? is indeed my correct static IP address, and is indeed the
place from whence I changed my password yesterday.

I really do wonder where the bleep they got from.

Obviously, that's an RFC1918 address.

I do suspect that that IP address has a lot more to do with them, and with
the geography of their own internal network than it has to do with _my_ ISP.


P.S.  Before I was allowed to change my password, I first had to confirm,
just via the web site, that my e-mail address was correct.  The text on
the eBay was site said that this was needed so that they could confirm
my password change via e-mail.

I changed the password via the web site and _never_ received any sort of
e-mail message asking me to confirm that change.

I offer the observation that in the online world, there seems to be a lot
that separates good intentions from actual competence.

More information about the freebsd-net mailing list