Wednesday, May 21, 2014

EBay 'Cyberattack' Prompts 145 Million Users To Change Password

E-commerce giant eBay Inc. is asking customers to change their passwords after a recent hack that the company says exposed customer names and passwords, but didn't manage to steal any financial information.

EBay Inc said on Wednesday that a cyber attack carried out three months ago has compromised customer data, and the company urged 145 million users of its online commerce platform to change their passwords.

The company said unknown hackers stole email addresses, encrypted passwords, birth dates, mailing addresses and other information in an attack carried out between late February and early March. The files did not contain financial information.

The company says the attack happened between February and March when hackers accessed a database containing customer names, encrypted passwords, email addresses, birth dates, physical addresses and phone numbers.

"Beginning later today [Wednesday] it will be asking eBay users to change their passwords because of a cyberattack," eBay said in a statement.

"The compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today."

PayPal not affected

The company says it has found no evidence of any unauthorized access to financial or credit card information, or any fraudulent sales activity connected to the breach.

EBay says it has an "active investigation" into the matter and is working with law authorities, and as such can't comment on the number of customer accounts affected. For now, it is urging all customers to change their passwords as a precaution.

The company also owns electronic payment service PayPal, but eBay says there is no evidence PayPal information was hacked, since that information is stored separately on a secure network.

The breach comes on the heels of several high-profile online security scandals at other companies, including Target, which exposed the customer data for 70 million people last fall. And in March, a worldwide web bug known as Heartbleed left as many half a million websites vulnerable to being hacked because of a flaw in a commonly used source code known as Open SSL.

Ken Owen, a cybersecurity expert at McMaster University in Hamilton, Ont., says eBay's just the lastest victim of a round of cyberattacks that are likely to become more and more common.

"It's better to take it on the chin and let people know that there's a problem than to try and disguise it," he says. "Every aspect of your business is tied to information technology now … so, you're always vulnerable in that sense."

"You have to stay on top of this all the time," he says.


No comments:

Post a Comment