eBay users put on red alert after cyber-attack
In a statement the company said they were asking users to reset their passwords after an attack “compromised a database containing encrypted passwords and other non-financial data”.
The site was quick to say that it believes no unauthorised access was gained to personal data, but said that a password reset was the best practice to help ensure security.
“Cyber-attackers compromised a small number of employee log-in credentials, allowing unauthorised access to eBay’s corporate network,” said the statement.
“Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.”
EBay said the database was breached at some point in late February and early March, with access gained to personal customer information including password, address and date of birth.
However, the company says that no financial information has been compromised, as this data is stored on a separate database under a different encryption.
“The compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today,” the company said.
EBay also said it has seen no indication of increased fraudulent account activity on the site. It said it has no evidence of unauthorised access or compromises to personal or financial information for PayPal users.
PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.
“Information security and customer data protection are of paramount importance to eBay, and eBay regrets any inconvenience or concern that this password reset may cause our customers,” said eBay.
“We take seriously our commitment to maintaining a safe, secure and trusted global marketplace.”
The internet is still recovering from the Heartbleed bug, a flaw in the OpenSSL encryption on computers that protects user information when someone is online.
The flaw had been present for two years undetected, and offered hackers a way into personal accounts across the web.
A spokesman for eBay said: “Our customers are our highest priority; and to ensure they continue to have a safe, secure and trusted experience on eBay, we will be asking all eBay users to change their passwords.
“Recently, our company discovered a cyber-attack on our corporate information network which compromised a database containing eBay user passwords,” eBay said. “There is no evidence that any financial information was accessed or compromised; however we are taking every precaution to protect our customers.”
CONNECT WITH US TODAY
Be the first to know the latest news and updates
