Story image

Massive cyber attack sends eBay into disarray

22 May 14

eBay is asking users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data.

After conducting extensive tests on its networks, the company claims it has no evidence of the compromise resulting in unauthorised activity for eBay users or any unauthorized access to financial or credit card information.

However, changing passwords is a best practice and will help enhance security for eBay users.

"Information security and customer data protection are of paramount importance to eBay," says the online auction website.

"eBay regrets any inconvenience or concern that this password reset may cause our customers.

"We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace."

Cyber attackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network.

Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.

The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.

However, the database did not contain financial information or other confidential personal information.

The company says that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement.

eBay says it has seen no indication of increased fraudulent account activity and no evidence of unauthorized access or compromises to personal or financial information for PayPal users.

PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.

In addition to asking users to change their eBay password, the company also is encouraging any eBay user who utilised the same password on other sites to change those passwords, too.

"The same password should never be used across multiple sites or accounts," eBay warns.

CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."
Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.
Game review: Just Cause 4 on PC
Rico Rodriguez returns to wreak over-the-top havoc for a fourth time. This time the island nation of Solís is our hero’s sandbox, ripe for destruction.
Hands-on review: Logitech G502 HERO gaming mouse
My favourite feature of the G502s is the ‘Sniper’ button, which is found on the left hand side of the device. When held, this lowers the DPI and allows you to achieve maximum accuracy whilst honing in on a kill on your favourite FPS title.
Interview: ZeniMax Online's game director talks Elder Scrolls Online
FutureFive’s Darren Price sat down with Matt Firor, ESO’s designer and now president and game director at ZeniMax Online.
IDC: Tablets stay dead, notebooks keep head above water
An IDC report predicts a soft personal PC market, slipping into further decline with the exception of notebooks, gaming PCs, and business PC upgrades.
A hands-on guide to Christmas shopping by Santa’s IT elf
Ho, ho, ho! So you’re back again for more inspiration for that hard-to-buy-for person in your life?
Govt commits $15.5m to digital identity research
“With more and more aspects of our lives taking place online it’s critical the government takes a lead to ensure New Zealanders have control of how and who uses their identity information,” says Minister Woods.