2014 eBay Security Breach

From Free Knowledge Base- The DUCK Project: information for everyone

Online marketplace eBay is forcing users to change their passwords after a cyber-attack compromised its systems.

The US firm said a database had been hacked between late February and early March, and had contained encrypted passwords and other non-financial data.

"The database... included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth."

A post on eBay's corporate site said that cyber-attackers accessed the information after obtaining "a small number of employee log-in credentials", allowing them to access its systems. It took eBay almost a month to become aware of the breach.

Although the firm also owns the PayPal money transfer service, it said that the division's data was stored separately and encrypted, and that there was no evidence that it had been accessed.

It added that any members who used their eBay login details on other sites should also update them there.

EBay has not provided any information about the kind of encryption it used.

One expert said there was still a concern that the hackers might be able to make use of their haul.

"We all know that given enough time hackers can crack some encrypted password files," said Alan Woodward, an independent security consultant.

"The slightly worrying aspect of this is that the hackers have a nice neat list of personal information, which can be used to steal identities or even help them get around other systems through password reset scams."


  • Why is eBay burying news of its security breach from its millions of web visitors?
ref: http://grahamcluley.com/2014/05/ebay-burying-news-security-breach/

Let’s do the @ebay breach response checklist!

  • Email notification? No.
  • Notice on web page? No.
  • Warning upon logging in? No.
ref: https://twitter.com/paulfroberts/status/469191554742382592