2014-05-22

eBay Hacked – Database of 145 Million Accounts Accessed

San Jose, California – eBay, the world’s largest online auction site, has acknowledged that its customer database of 145 million users has been hacked and copied by cyber thieves. eBay says that hackers did not get the entire database, just a big part of it. How big a part? Well, they don’t exactly know. So what data did the hackers purloin? Dates of birth, addresses, names, e-mail accounts, and passwords. It should be noted that the passwords were encrypted and eBay is adamant that the thieves would not be able to decrypt them, at least not easily. eBay says credit card information and PayPal were not affected, at least to their knowledge. Well, at least that’s what they’re saying as of this writing.

Admittedly, it is the way that eBay nuances their assurances that is unsettling. Either way, this breach once again underscores the need to maintain different passwords for each account. Sadly, far too many people reuse the same password for their bank accounts, credit cards, brokerage link accounts, etc. This makes it all too easy for a cyber-thief to inflict financial damage. eBay is asking their customers to use different passwords for their various accounts. As it currently stands, this breach will become the second biggest in US history. Sadly, the news will most assuredly get worse as the dust settles and the length and depth of the breach is determined.

Hackers were able to crack passwords for some key employees, which gave them remote access into eBay’s servers. For their part, eBay is committed to learning the full nature of the breach and has announced that forensic specialists FireEye Inc. will conduct the cyber-crime scene investigation. eBay also is reporting that they are not witnessing any increase in illegally accessed customer accounts beyond what they customarily experience. This would indicate that hackers haven’t been able to decrypt the passwords.

Official Press Release From eBay:

eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.

Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.

The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today.

The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.

Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts.

Source material:

http://www.reuters.com/article/2014/05/22/ebay-password-idUSL3N0O80SD20140522?type=companyNews&feedType=RSS
