eBay hack: Users asked to change passwords after cyberattack hits 145 million

Compromised data includes encrypted passwords, home addresses, email addresses, phone numbers and individuals' date of birth

If you are a user of online auctioneer eBay, it’s time to change your password, after the company admitted it was the victim of what is thought to be the second-largest data breach in US history.

Internet security experts said eBay “had questions to answer” last night, as the firm provided few details about how hackers had slipped undetected into its databases.

In an embarrassing disclosure for the firm, which accounted for £126 billion of commerce online last year, it revealed that the breaches involved hackers accessing the details of up to 128 million users as long as three months ago, though the attack was not detected until much more recently.

"Our customers are our highest priority; and to ensure they continue to have a safe, secure and trusted experience on eBay, we will be asking all eBay users to change their passwords," the company told the Telegraph yesterday.

Industry experts have pointed out that the firm is viewed by hackers as the golden goose of targets, with its popularity and massive online reach making it a potential gold mine for cybercriminals.

However, the company insisted that it had no evidence of “unauthorised activity” on its members’ accounts and that data on its PayPal money transfer service remained secure.

Despite this reassurance, eBay recommended that its users change their passwords as “best practice” and promised to “enhance security for eBay users”.

Security experts have been quick to point out the breach isn’t restricted to passwords though, with compromised information also including “unprotected” real-world data such as customer names, email addresses, addresses, phone numbers and dates of birth.

Professor Alan Woodward, an internationally respected cybersecurity expert at the University of Surrey, told The Independent: “That this has happened to a big company like eBay results in a collective sigh from everyone involved in online security. It just shouldn’t happen.

“I infer from the statement from eBay that what has happened is that a small number of employees with privileged access have fallen prey to something like a phishing attack and inadvertently given away their login credentials. 

“However, for something as important as this database, it should take more than just username and password to access it. There should have been two-factor authentication. So, the question is was there and if there was how on earth did the hackers get past it? If not then eBay has some serious questions to answer.”

eBay has not provided any information about the kind of encryption it used to protect passwords, and experts such as Prof Woodward have questioned why further personal information on the site was not encrypted at all, leaving the door open for “possible ID fraud” against affected users.

Brendan Rizzo, cyber security expert and the technical director at Voltage Security, a market leader in encryption technology, agrees that the “worrying aspect of this disclosure” was that eBay had left personally identifiable information “completely unprotected”.

He told The Independent: “This information would give the attackers almost all of the information they need to undertake fraudulent activity on a compromised user's behalf. If data is left unprotected, it's not a matter of ‘if’ it will be compromised - it's a matter of ‘when’.”

This won't be the first time this year that Internet users have been asked to reset their passwords, with the Heartbleed bug, discovered in April, triggering widespread cybersecurity worries.
