The chaos of Heartbleed may have passed, but the number of high profile online hacks continues unabated. According to BusinessWire, auction site and global retailer eBay is the latest victim and has been hit by a huge cyberattack that compromised its main database holding user passwords. An email will be issued today informing all eBay users to urgently change their passwords.
The report claims there is: “no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats.”
The origin of the breach comes from hackers compromising a small number of employee log-in credentials, which gave access to eBay’s corporate network. EBay says it is working with law enforcement and leading security experts to “aggressively” investigate the matter.
Most troubling is the database was compromised between late February and early March and was not detected until two weeks ago. The hackers gained access to information including eBay customers’ names, their encrypted passwords, email, registered addresses, phone numbers and date of birth.
More positively, eBay says the database did not hold financial information as that is stored separately. Furthermore, it has not seen any evidence of a rise in fraudulent activity or additional attempts to gain entry to Paypal. Like eBay’s financial information, Paypal data is also stored separately.
EBay is taking the breach extremely seriously, stating that users employing the same password across eBay and other sites should also change those passwords. It stresses your eBay password should be unique.
source: forbes.com