eBay hacked, all users asked to change passwords

eBay is asking all users to change their passwords after a database was hacked.

eBay is asking all its users to change their passwords after attackers compromised employee credentials and gained unauthorized access to a database that stored personal information.

The company learned of the unauthorized access in May and, following an investigation, determined that the attack may have occurred sometime between late February and early March, according to a release, which adds that the issue is believed to be resolved.

Details are scarce as the investigation is ongoing, but officials with the popular online auction and shopping website announced on Wednesday that attackers gained unauthorized access to a database containing names, addresses, phone numbers, dates of birth, email addresses and encrypted passwords.

An eBay spokesperson did respond to a SCMagazine.com inquiry into the type of encryption that the company uses, but in a Wednesday email correspondence with SCMagazine.com, Cris Thomas, technical manager with Tenable Network Security, said he wants to know how the passwords were encrypted, and if the data was salted.

“With that information, I can have a realistic idea of what the chances are of my password being brute-forced,” Thomas said. “That way I can determine my level of exposure and be able to offer practical advice to other people who may also be impacted.”

In a Wednesday email correspondence, Ilia Kolochenko, CEO of High-Tech Bridge, told SCMagazine.com that even larger companies are guilty of storing customer passwords simply by using classic MD5 hashes without salt, which could enable decryption.
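To make the salting question raised above concrete, the following added example (not code from eBay, SC Magazine or the people quoted; the account names, passwords and iteration count are constructed assumptions) stores the same sample passwords as bare MD5 and as per-user salted PBKDF2, then counts how many accounts end up sharing a stored digest.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts (not real data); two users share a password.
USERS = {"alice": "Summer2014!", "bob": "Summer2014!", "carol": "tr0ub4dor&3"}

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def store_md5_unsalted(password):
    """Weak scheme named in the article: bare MD5, no salt."""
    return hashlib.md5(password.encode()).hexdigest()


def store_pbkdf2(password):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_pbkdf2(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, expected)


def shared_digest_accounts(table):
    """Count accounts whose stored digest is identical to another account's."""
    counts = Counter(table.values())
    return sum(n for n in counts.values() if n > 1)


def build_tables():
    md5_table = {u: store_md5_unsalted(p) for u, p in USERS.items()}
    kdf_table = {u: store_pbkdf2(p) for u, p in USERS.items()}
    return md5_table, kdf_table


if __name__ == "__main__":
    md5_table, kdf_table = build_tables()
    kdf_digests = {u: d for u, (_, d) in kdf_table.items()}
    print("unsalted MD5, accounts sharing a digest:", shared_digest_accounts(md5_table))
    print("salted PBKDF2, accounts sharing a digest:", shared_digest_accounts(kdf_digests))
    print("alice verifies:", verify_pbkdf2("Summer2014!", kdf_table["alice"]))
```

Running the same duplicate-digest count over an export of a real credential table is a quick audit for missing salts: any repeated digest means identical passwords are visible to whoever holds the database.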

According to a FAQ posted Wednesday by eBay, financial information, as well as Social Security numbers, Taxpayer Identification numbers and National Identification numbers, were not compromised. Additionally, eBay said its other platforms – PayPal, StubHub, eBay Classifieds, Tradera, GMarket, GumTree and GittiGidiyor – were unaffected.
