eBay has just released a statement announcing that their internal & customer databases were compromised between February & March this year. The company is urging all customers to change their account passwords right away.
It is the largest reported cyber attack ever, potentially affecting all of eBay’s 145 million active customers worldwide. The hackers gained access to a database containing the customers’ full names, encrypted passwords, email addresses, physical addresses & their date of birth. Since discovering the breach, about 2 weeks ago, eBay claim to have performed extensive analysis and confirm no Credit Card or PayPal information were compromised and that this information is stored separately.
It is unknown who the hackers were though, considering their target, it seems they were commercially orientated. With all of this stolen information, the hackers have all they need to cause a lot of mayhem. The threat of identity theft is a serious threat to all eBay customers. Experts have also said that the hackers will almost certainly be already working on compromising sites all over the web as many consumers use the same passwords across multiple websites.
The compromise to eBay’s database was the result of a cyber attack which targeted a small group of employee log-in credentials. eBay has been criticized for using a method of password encryption that is easier to crack than the alternative, hashing. If eBay were using the hashing method of protection the hackers would have no way of accessing users’ passwords in plain text.
Since eBay’s announcement of the security breach of their database at least 4 U.S states have launched investigations into Californian based online auctioning company. The exact implications of the cyber attack are not clear though the Florida Attorney General, Pam Bondi, has said that the compromise could be “of historic proportions.”
We want to know why eBay chose to keep this a secret until now when the compromise was discovered almost 3 months ago, while all this time still allowing new users to register and disclose their confidential information.