eBay hack: Users asked to change passwords after cyberattack hits 145 million

Compromised data includes encrypted passwords, home addresses, email addresses, phone numbers and individuals' date of birth

If you are a user of online auctioneer eBay it’s time to change your password, after the company admitted it was the victim of what is thought to be the 2nd largest data breach in US history.

Internet security experts said eBay “had questions to answer” last night, as the firm provided few details about how hackers had slipped undetected into its databases.

In an embarrassing disclosure for the firm, which accounted for £126 billion of commerce online last year, it revealed that the breaches involved hackers accessing the details of up to 128 million users as long as three months ago, though the attack was not detected until much more recently.

"Our customers are our highest priority; and to ensure they continue to have a safe, secure and trusted experience on eBay, we will be asking all eBay users to change their passwords," the company told the Telegraph yesterday.

Industry experts have pointed out that the firm is viewed by hackers as the golden goose of targets, with its popularity and massive online reach making it a potential gold mine for cybercriminals.

However the company insisted that it had no evidence of “unauthorised activity” on its members’ accounts and that data on its PayPal money transfer service remained secure.

Despite this reassurance, eBay recommended that its users change their passwords as “best practise” and promised to “enhance security for eBay users”.

Security experts have been quick to point out the breach isn’t restricted to passwords though, with compromised information also including “unprotected” real-world data such as customer names, email addresses, addresses, phone numbers and dates of birth.

Professor Alan Woodward, an internationally respected cybersecurity expert at the University of Surrey, told The Independent: “That this has happed to a big company like eBay results in a collective sigh from everyone involved online security. It just shouldn’t happen.

“I infer from the statement from eBay that what has happened is that a small number of employees with privileged access have fallen prey to something like a phishing attack and inadvertently given away their login credentials. 

“However, for something as important as this database, it should take more than just username and password to access it. There should have been two-factor authentication. So, the question is was there and if there was how on earth did the hackers get past it? If not then eBay has some serious questions to answer.”

eBay has not provided any information about the kind of encryption it used to protect passwords, and experts such Prof Woodward have questioned why further personal information on the site was not encrypted at all, leaving the door open for “possible ID fraud” against affected users.

Brendan Rizzo, cyber security expert and the technical director at Voltage Security, a market leader in encryption technology, agrees that the “worrying aspect of this disclosure” was that eBay had left personally identifiable information “completely unprotected”.

He told The Independent: “This information would give the attackers almost all of the information they need to undertake fraudulent activity on a compromised user's behalf.  If data is left unprotected, it's not a matter of ‘if’ it will be compromised - it's a matter of ‘when’.”

This won't be the first time this year that Internet users have been asked to reset their passwords, with the Heartbleed bug, discovered in April, triggering widespread cybersecurity worries.

READ MORE: THE 25 WORST PASSWORDS REVEALED - IS YOURS ON THE LIST?
News
peopleFrankie Boyle responds to referendum result in characteristically offensive style
News
news
Life and Style
Couples have been having sex less in 2014, according to a new survey
life
New Articles
i100... with this review
PROMOTED VIDEO
Life and Style
ebooksA superb mix of recipes serving up the freshest of local produce in a delicious range of styles
Life and Style
ebooksFrom the lifespan of a slug to the distance to the Sun: answers to 500 questions from readers
Voices
Holly's review of Peterborough's Pizza Express quickly went viral on social media
Sport
footballTim Sherwood: This might be th match to wake up Manchester City
Arts and Entertainment
musicHow female vocalists are now writing their own hits
New Articles
i100
News
news
Arts and Entertainment
musicBiographer Hunter Davies has collected nearly a hundred original manuscripts
News
Blahnik says: 'I think I understand the English more than they do themselves'
people
Arts and Entertainment
Michelle Dockery as Lady Mary Crawley in Downton Abbey
TVInside Downton Abbey series 5
Life and Style
The term 'normcore' was given the oxygen of publicity by New York magazine during the autumn/winter shows in Paris in February
fashionWhen is a trend a non-trend? When it's Normcore, since you ask
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Graduate BI Consultant (Business Intelligence) - London

    £24000 - £30000 per annum + benefits: Ashdown Group: Graduate BI Consultant (B...

    Service Delivery Manager (Product Manager, Test and Deployment)

    £40000 - £55000 per annum: Ashdown Group: Service Delivery Manager (Product Ma...

    Technical Product Marketing Specialist - London - £70,000

    £50000 - £70000 per annum: Ashdown Group: Cloud Product and Solutions Marketin...

    Trainee Helpdesk Analyst / 1st Line Application Support Analyst

    £18000 per annum: Ashdown Group: An established and growing IT Consultancy fir...

    Day In a Page

    Scottish referendum: The Yes vote was the love that dared speak its name, but it was not to be

    Despite the result, this is the end of the status quo

    Boyd Tonkin on the fall-out from the Scottish referendum
    Manolo Blahnik: The high priest of heels talks flats, Englishness, and why he loves Mary Beard

    Manolo Blahnik: Flats, Englishness, and Mary Beard

    The shoe designer who has been dubbed 'the patron saint of the stiletto'
    The Beatles biographer reveals exclusive original manuscripts of some of the best pop songs ever written

    Scrambled eggs and LSD

    Behind The Beatles' lyrics - thanks to Hunter Davis's original manuscript copies
    'Normcore' fashion: Blending in is the new standing out in latest catwalk non-trend

    'Normcore': Blending in is the new standing out

    Just when fashion was in grave danger of running out of trends, it only went and invented the non-trend. Rebecca Gonsalves investigates
    Dance’s new leading ladies fight back: How female vocalists are now writing their own hits

    New leading ladies of dance fight back

    How female vocalists are now writing their own hits
    Mystery of the Ground Zero wedding photo

    A shot in the dark

    Mystery of the wedding photo from Ground Zero
    His life, the universe and everything

    His life, the universe and everything

    New biography sheds light on comic genius of Douglas Adams
    Save us from small screen superheroes

    Save us from small screen superheroes

    Shows like Agents of S.H.I.E.L.D are little more than marketing tools
    Reach for the skies

    Reach for the skies

    From pools to football pitches, rooftop living is looking up
    These are the 12 best hotel spas in the UK

    12 best hotel spas in the UK

    Some hotels go all out on facilities; others stand out for the sheer quality of treatments
    These Iranian-controlled Shia militias used to specialise in killing American soldiers. Now they are fighting Isis, backed up by US airstrikes

    Widespread fear of Isis is producing strange bedfellows

    Iranian-controlled Shia militias that used to kill American soldiers are now fighting Isis, helped by US airstrikes
    Topshop goes part Athena poster, part last spring Prada

    Topshop goes part Athena poster, part last spring Prada

    Shoppers don't come to Topshop for the unique
    How to make a Lego masterpiece

    How to make a Lego masterpiece

    Toy breaks out of the nursery and heads for the gallery
    Meet the ‘Endies’ – city dwellers who are too poor to have fun

    Meet the ‘Endies’ – city dwellers who are too poor to have fun

    Urbanites are cursed with an acronym pointing to Employed but No Disposable Income or Savings
    Paisley’s decision to make peace with IRA enemies might remind the Arabs of Sadat

    Ian Paisley’s decision to make peace with his IRA enemies

    His Save Ulster from Sodomy campaign would surely have been supported by many a Sunni imam