That's right, eBay has been hacked and is asking users to change their passwords immediately to avoid loss of funds and potential account compromise. Quoted directly from ebayinc:
eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data.
The attackers penetrated the eBay and PayPal network by using employee log-in credentials. According to eBay, the compromise was detected 2 weeks ago, so how come we are only being told about it now?
Furthermore, before telling the compromised customers about the cyberattack, eBay decided to first investigate how bad the compromise really was, and only spoke up after identifying that customers' names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth were exposed. Luckily, the attackers were not able to compromise customers' credit card information because it was stored on a different, more secure server.
eBay users will be notified by email to change their passwords. Even though only the encrypted version of each password was compromised, not the original, it is still recommended to change your password because attackers can recover your password using other means.
If you do not know how, here are the steps to change your password on eBay:
1 — Login
2 — In the upper left, hover over your name
3 — In the drop down, click “Account Settings”
4 — On the left, click “Business/Personal Information”
5 — On the right, click “Edit” next to your password
How did it happen?
The weakness here was the employees. It seems that standard phishing methods were used to obtain employees' login credentials. Once they had that information, the attackers could log in to the eBay corporate network pretending to be corporate employees, and were able to leak the information from there.
Luckily, the hackers were able to leak only limited information from the eBay servers: customer identification data and no credit card information.
Who was affected?
Around 145 million users were affected and had their information leaked, which is a pretty significant number. eBay urges you to change your password; I cannot stress that enough. In addition, make sure to change your PayPal password as well: eBay and PayPal are partners and share similar information on their servers. If you want to wake up tomorrow and still have money in your PayPal account, then make sure to change your password.
This breach is one of the biggest in history based on the number of accounts that were compromised. It ranks 2nd after the 160 million user compromise that happened with JCPenney, 7-11, Target and other big corporations. To put this in perspective, here is a bubble chart showing the recent data breaches:
Above you can see that this data breach is number 2 in history by raw size. As always, it will be interesting to see how eBay handles this situation and whether they will update their corporate systems and add better protection. In the meantime, just change your password if you are a PayPal user or an eBay seller and you will be safe.