After Getting Hacked, eBay Urges 145 Million Members to Reset Password
eBay announced this week that its database has been hacked and that the personal information of its 145 million members has been compromised. eBay is requesting that users change their passwords.
According to eBay, “The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information.”
eBay said that PayPal, which is owned by eBay, was not impacted by this attack because its data is stored separately on a secure network and that all PayPal financial information is encrypted. That’s good news.
This is the second-biggest online account breach so far, after the 152 million user accounts involved in the Adobe attack. eBay is a San Jose-based company and in 2013 they did over $200 billion in business.
Recommendation:
Change your eBay password right away, even if you haven’t used the eBay site in years. PayPal, which is owned by eBay, was not compromised so eBay is not asking customers to change their PayPal password.
The implication here is that this is a potential internal security breach. Whether malicious or accidental, such as an employee being convinced by a hacker to hand over their login details through some form of social engineering, it does indicate that eBay may not have taken all the steps necessary to mitigate the risk of insider threats. To an extent, employee actions cannot always be accounted for, and there is often a job to be done to educate employees on the risks of their actions, but technology can help to address these problems, as well as to assess and track issues after they occur, as we’re aware eBay is doing at the moment.