eBay under Cyber Attack; advice Users to Change Passwords

Ebay-asks-users-to-change-passwords-now-bella-naija1-600x432

If you are a user of online auctioneer eBay it’s time to change your password, after the company admitted it was the victim of what is thought to be the 2nd largest data breach in US history.

Internet security experts said eBay “had questions to answer” last night, as the firm provided few details about how hackers had slipped undetected into its databases.

In an embarrassing disclosure for the firm, which accounted for £126 billion of commerce online last year, it revealed that the breaches involved hackers accessing the details of up to 128 million users as long as three months ago, though the attack was not detected until much more recently.

“Our customers are our highest priority; and to ensure they continue to have a safe, secure and trusted experience on eBay, we will be asking all eBay users to change their passwords,” the company told the Telegraph yesterday.

Industry experts have pointed out that the firm is viewed by hackers as the golden goose of targets, with its popularity and massive online reach making it a potential gold mine for cybercriminals.

However the company insisted that it had no evidence of “unauthorized activity” on its members’ accounts and that data on its PayPal money transfer service remained secure.

Despite this reassurance, eBay recommended that its users change their passwords as “best practice” and promised to “enhance security for eBay users”.

Security experts have been quick to point out the breach isn’t restricted to passwords though, with compromised information also including “unprotected” real-world data such as customer names, email addresses, addresses, phone numbers and dates of birth.

Professor Alan Woodward, an internationally respected cybersecurity expert at the University of Surrey, told The Independent: “That this has happed to a big company like eBay results in a collective sigh from everyone involved online security. It just shouldn’t happen.

eBay has not provided any information about the kind of encryption it used to protect passwords, and experts such Prof Woodward have questioned why further personal information on the site was not encrypted at all, leaving the door open for “possible ID fraud” against affected users.

This won’t be the first time this year that Internet users have been asked to reset their passwords, with the Heartbleed bug, discovered in April, triggering widespread cybersecurity worries

RELATED ARTICLESMORE FROM AUTHOR