So eBay fessed up to being hacked this week but made a very poor fist of explaining what happened to its 145 million users. The shopping site now says that emails are being sent to eBay members to alert them to the problem — and it has finally put a note on its home page about the issue.
Given the number of emails to send, it's perhaps understandable that not everyone will see it straight away. An eBay spokesperson says that as well as the email, eBay will be "utilising all of our other customer touch points to get the message out — this includes our social channels, our onsite announcement boards, the eBay Inc website and of course our customer service representatives".
That's all well and good, but this notice should have gone on the main eBay page as soon as the hack was revealed, not more than 36 hours later.
If you have an eBay account, you definitely should change the password — and make sure it's a unique password, not one you use somewhere else. And if your old eBay password was used anywhere else, change that too. Again: the way eBay is handling this is an object lesson to everyone else in what not to do.