Hacked eBay database for sale for 1.45 bitcoin

What happened?

 

eBay’s database was recently compromised by a group of hackers. This ranks as the second largest database breach in history, with over 140 million users compromised.

The weak link in this cyberattack was the employees. The attackers obtained eBay employee credentials and used them to access the corporate network, which in turn gave them access to the database.

eBay and PayPal urged customers to change their passwords because the encrypted versions of the passwords were leaked along with customers’ names, dates of birth, addresses, and security questions.

Database is on sale

Now either the hacker or someone pretending to be him is selling the 140 million user database on Pastebin. The hacker provided a 3,000-row extract from the database with names, addresses, phone numbers, and dates of birth as proof. However, eBay denied that the extracted database was authentic. According to an eBay spokesperson:

“The published lists we have checked so far are not authentic eBay accounts.”

Security experts used the 3,000-row extract to try to identify and narrow down its source. Here are some of the offers on Pastebin for the compromised database:

http://pastebin.com/vmvjGw3N

http://pastebin.com/Tfs07HDp

They say:

eBay Dump in 3xCSV files (122,672,912 lines)

0.5BTC to 1Kfxm6Y5bRDnC9JLwq6vpYYcw439zgvVzB

Email to [email protected] with ID

and

=== full ebay user database dump with 145 312 663 unique records ===
to get a copy:
1) send 1.453 BTC to 1e4aLP3jKD9wRAcSRNVb7VHbd7KbcdPfA
2) immediately email the transaction id from 1) to [email protected]
3) link to ebay-dump-2014-03-26-145312663.csv.zip will be sent to the original email with information on a unique transaction id

=== sample dump of 12 663 users from apac region ===
NAME|PASS|EMAIL|ADDRESS|PHONE|DOB
https://mega.co.nz/#!FAwBQKpI!D4BQ6GD4qMjU5x1CyNCQiaMmSifGrFLLAl1rg7_f5yg

eBay says that the database rows provided are not authentic, but can we really trust that? Security experts are trying to narrow down and identify the source of the attack. One UK cyber security company, Digital Shadows, cross-referenced the leaked data with Facebook and confirmed that the names are real, even if they might not have come from eBay.

We need a third party to confirm or deny that the 3,000 rows came from eBay. eBay might deny the authenticity of the database, but for all we know that could simply be a business move to minimize the severity of the situation.

The risks

The compromise of the 140 million user database is a serious issue from the perspective of identity theft. Even though eBay is not placing much importance on the data that was stolen, the consequences of the attack may be felt far into the future.

This attack is the second largest of its type in history. Some customers are concerned about their information landing in the wrong hands:

“I am concerned that not only have they lost my email, username and password, but according to their website the loss includes home address, phone number and date of birth. This is serious from an identity theft perspective.”

The only item that the hackers are missing is the mother’s maiden name; with that they would have sufficient information to impersonate an individual and deal with financial institutions.

While the passwords were also taken in the attack, they were encrypted and hashed, so the real passwords did not show up. However, if the hackers obtain the keys used to encrypt the passwords, they could potentially decrypt them and reveal the real passwords. The biggest problem with this is that many users use the same password for different accounts, so if the hackers know your password to eBay they may be able to access your Facebook, Twitter, bank accounts, etc.
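An added example (not from the original article, and not eBay's actual scheme) of how the way a site stores passwords changes what a leaked password column exposes about reused passwords. The account names, passwords and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Optional, Tuple

ITERATIONS = 200_000  # assumed work factor for this example


def weak_hash(password: str) -> str:
    """Weak storage: unsalted, fast SHA-256."""
    return hashlib.sha256(password.encode()).hexdigest()


def strong_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened storage: per-user random salt plus slow PBKDF2-HMAC-SHA256."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Login check: recompute with the stored salt and compare in constant time."""
    _, digest = strong_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def repeated_values(column) -> int:
    """How many stored values in a leaked column appear more than once."""
    return sum(n for n in Counter(column).values() if n > 1)


# Constructed sample accounts; two users picked the same password.
USERS = {"alice": "Summer2014!", "bob": "Summer2014!", "carol": "x9$Lq-v2Tz"}

WEAK_COLUMN = [weak_hash(p) for p in USERS.values()]
STRONG_ROWS = {user: strong_hash(p) for user, p in USERS.items()}
STRONG_COLUMN = [digest for _, digest in STRONG_ROWS.values()]

if __name__ == "__main__":
    # Unsalted hashes show at a glance which accounts share a password.
    print("repeated unsalted hashes:", repeated_values(WEAK_COLUMN))
    # Per-user salts make the same password look different for every account.
    print("repeated salted hashes:  ", repeated_values(STRONG_COLUMN))
    salt, digest = STRONG_ROWS["alice"]
    print("alice login ok:", verify("Summer2014!", salt, digest))
```

With per-user salts and a slow hash, each account has to be guessed separately, which is why a unique password per site limits the damage from any single leak.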

According to eBay’s Twitter:

[Image: ebay hacked again]

So this time we got lucky, and if you are an eBay customer then you shouldn’t need to worry about your other accounts with the same password getting compromised. However, just to stay on the safe side I would change the passwords to your other accounts, because we do not know what the cyber attackers are capable of.