eBay hack: Users asked to change passwords after cyberattack hits 145 million
Compromised data includes encrypted passwords, home addresses, email addresses, phone numbers and individuals' date of birth
If you are a user of online auctioneer eBay it’s time to change your password, after the company admitted it was the victim of what is thought to be the 2nd largest data breach in US history.
Internet security experts said eBay “had questions to answer” last night, as the firm provided few details about how hackers had slipped undetected into its databases.
In an embarrassing disclosure for the firm, which accounted for £126 billion of commerce online last year, it revealed that the breaches involved hackers accessing the details of up to 128 million users as long as three months ago, though the attack was not detected until much more recently.
"Our customers are our highest priority; and to ensure they continue to have a safe, secure and trusted experience on eBay, we will be asking all eBay users to change their passwords," the company told the Telegraph yesterday.
Industry experts have pointed out that the firm is viewed by hackers as the golden goose of targets, with its popularity and massive online reach making it a potential gold mine for cybercriminals.
However the company insisted that it had no evidence of “unauthorised activity” on its members’ accounts and that data on its PayPal money transfer service remained secure.
Despite this reassurance, eBay recommended that its users change their passwords as “best practice” and promised to “enhance security for eBay users”.
Security experts have been quick to point out the breach isn’t restricted to passwords though, with compromised information also including “unprotected” real-world data such as customer names, email addresses, addresses, phone numbers and dates of birth.
Professor Alan Woodward, an internationally respected cybersecurity expert at the University of Surrey, told The Independent: “That this has happened to a big company like eBay results in a collective sigh from everyone involved in online security. It just shouldn’t happen.
“I infer from the statement from eBay that what has happened is that a small number of employees with privileged access have fallen prey to something like a phishing attack and inadvertently given away their login credentials.
“However, for something as important as this database, it should take more than just username and password to access it. There should have been two-factor authentication. So, the question is: was there, and if there was, how on earth did the hackers get past it? If not, then eBay has some serious questions to answer.”
eBay has not provided any information about the kind of encryption it used to protect passwords, and experts such as Prof Woodward have questioned why further personal information on the site was not encrypted at all, leaving the door open for “possible ID fraud” against affected users.
Brendan Rizzo, cyber security expert and the technical director at Voltage Security, a market leader in encryption technology, agrees that the “worrying aspect of this disclosure” was that eBay had left personally identifiable information “completely unprotected”.
He told The Independent: “This information would give the attackers almost all of the information they need to undertake fraudulent activity on a compromised user's behalf. If data is left unprotected, it's not a matter of ‘if’ it will be compromised - it's a matter of ‘when’.”
This won't be the first time this year that Internet users have been asked to reset their passwords, with the Heartbleed bug, discovered in April, triggering widespread cybersecurity worries.