eBay falls prey to a cyber attack, asks 145M users to change their passwords
eBay Inc., one of the largest online marketplaces in the world urged 145 million of its users to change their passwords because of a cyber attack that compromised a database containing encrypted passwords and other non-financial data. According to the company, cyber attackers compromised a small number of employee log-in credentials, allowing unauthorised access to eBay's corporate network.
The database, which was compromised between late February and early March 2014, included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information.
The company said that the compromised employee log-in credentials were first detected about two weeks ago. Which makes us wonder why the company took so long to issue out a warning to its customers?
In addition to asking users to change their eBay password, the company is also encouraging any eBay user who utilised the same password on other sites to change those passwords, too.
"Information security and customer data protection are of paramount importance to eBay, and we regret any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace," read an official company blog post.
The company said it has seen no indication of increased fraudulent account activity on eBay. It further claims that it has no evidence of unauthorised access or compromises to personal or financial information for PayPal users, since PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.
Considering the number of users affected by the breach, it could very well be one of the largest internet security break-ins ever. Back in 2011, Sony Corp suffered a huge breach in its video game online network that allowed the theft of names, addresses and possibly credit card data belonging to 77 million user accounts.