
eBay hackers access 145 million records but PayPal isn't exposed

by Mark Tyson on 22 May 2014, 09:57

Tags: eBay


Yesterday eBay asked its customers to change their passwords in the wake of a hacker raid that occurred three months ago, reports Reuters. A large part of a 145 million user record database was snatched from eBay's servers in the huge data breach. The hackers gained access to the records after they managed to obtain the login details of a number of eBay employees, so they could access the corporate network.

The purloined passwords were stored in an encrypted form by eBay and there is currently no reason to believe that hackers have managed to unscramble them. "There is no evidence of impact on any eBay customers," eBay spokeswoman Amanda Miller told Reuters. "We don't know that they decrypted the passwords because it would not be easy to do."

While the passwords might be safe, it sounds like a lot of other vital identifying customer data might not be. Ms Miller told Reuters that "email addresses, birth dates, mailing addresses and other personal information" were also downloaded by the hackers. It's good to know that, following the breach, there has so far been no evidence of increased fraudulent activity.

eBay sought to reassure us that the "exposed database didn't include financial data," reports the Wall Street Journal. However, if you use the same username and password on eBay and PayPal, you could have a problem. Users are advised to change their passwords and not to reuse passwords across sites.

David Emm, senior security researcher at Kaspersky Lab, emailed HEXUS with a comment on the breach. He said that the hackers have already had up to three months to work on the encrypted passwords as well as to try to leverage the other personal data. However, as eBay has only just discovered the breach, it is "doing the right thing by notifying customers in a timely manner". Emm also sought to drill home the message about not using the same passwords among the websites that you visit.

Have you changed your eBay password yet?



HEXUS Forums :: 9 Comments

Yes, changed password yesterday.

They were for some reason unable to email the users and ask them to change - they can email quickly about free listings or other offers but not in this instance…
I didn't get emailed or messaged either… perhaps unaffected? Regardless, I changed my password.
A large part of a 145 million user record database was snatched from eBay's servers in the huge data breach.
Does this mean that the title of this article is a wee bitty misleading?

Also, if a “large part” of this vast store of data was grabbed, then why did it take eejit-bay this long to find out?

I'd change my password now, but there's been reports that the eBay servers are having problems coping with the load. :( Apart from anything, it's long overdue that I did anyway. Ooops! :embarrassed:

EDIT: just tried to change my password - not that straightforward, because when I eventually found the correct place (obvious when you think about it), the password checker decided that one, or more, of “^}>” were whitespace and it wasn't going to allow it. Also be interested to know what it thinks is a strong password. I tried a 12 character one with upper- and lower-case plus numbers and symbols (no dictionary words) and got told that this was only “medium” strength.
Just changed mine today, although I think their servers are feeling the strain of all these password changes as it took five tries for mine to go through.
I'm so glad eBay came forward when it happened! It really puts one's mind at rest knowing we can trust them. And I'm certain they haven't “just discovered the breach” because there was talk about this having happened already about a month and a half ago! And I was affected at the time, not being able to log in etc.
Why wasn't my name, address and telephone number encrypted? These companies need to be hauled over the coals. Surely any personal information should be encrypted by default. I know it's not a guarantee but hopefully it would take long enough that the information would no longer be valuable… I spend my life keeping myself hidden and secure online only to have my details lost by someone else's unscrupulous practices. Frustrating.