Hackers access user personal data stored by eBay
Users asked to change passwords as attackers compromise employee log-in credentials
IDG News Service - EBay is asking users to change their passwords after attackers gained unauthorized access to eBay's corporate network, compromising a database containing encrypted passwords and other personal data.
The attackers compromised a "small number of employee log-in credentials" between late February and early March to gain access to the network, the company said in a statement Wednesday, adding that it only discovered the attack about two weeks ago.
After conducting extensive tests, eBay found no evidence the attack resulted in unauthorized activity for eBay users. Likewise, no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats, was found, it added.
Data of eBay subsidiary PayPal wasn't compromised, eBay said, adding that PayPal data is stored separately on a secure network.
The eBay database contained customer names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth, but no financial or other confidential information, eBay said. There is no evidence of increased fraudulent account activity on eBay, it said.
Nevertheless it would be wise for users change their passwords, the company said. "Changing passwords is a best practice and will help enhance security for eBay users," eBay said, adding that it regrets any inconvenience or concern that the password reset may cause.
The company is working with law enforcement and leading security experts to investigate the matter, and said it is "applying the best forensics tools and practices to protect customers."
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to email@example.com
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success! All Cybercrime and Hacking White Papers | Webcasts