EBay Hit by Cyberattack -- Asks Customers to Change Passwords
Published on: 21st May 2014
Online retail giant, eBay has admitted that it has been subjected to a hack attack, and is asking customers to change their passwords as a precaution.
In a statement, the company said that a database containing encrypted passwords and other non-financial data had been compromised by the hacker.
The database, which was compromised between late February and early March, included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth.
The company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately, also in encrypted formats.
Although credit card and financial data wasn't stolen, enough personal information is now in the hands of hackers that could be useful -- especially the linkage between email address, date of birth and phone number -- often used by other companies to verify a person's identity.
Although eBay is focusing on the password issue, the potential for the stolen data to be used in identify theft situations should not be overlooked.
The company elaborated by explaining that cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network.
However, it said that changing passwords is a best practice and it will start sending out emails to customers later today.
The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today.
The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.