BreachExchange mailing list archives

eBay Suffers Massive Security Breach, All Users Must Change Their Passwords


From: Jake <jake () riskbasedsecurity com>
Date: Wed, 21 May 2014 18:20:36 -0400

http://www.forbes.com/sites/gordonkelly/2014/05/21/ebay-suffers-massive-security-breach-all-users-must-their-change-passwords/

The chaos of Heartbleed may have passed, but the number of high
profile online hacks continues unabated. According to BusinessWire,
auction site and global retailer eBay is the latest victim
and has been hit by a huge cyberattack that compromised its main
database holding user passwords. An email will be issued later today
informing all eBay users to urgently change their passwords.

The report claims there is: “no evidence of the compromise resulting
in unauthorized activity for eBay users, and no evidence of any
unauthorized access to financial or credit card information, which is
stored separately in encrypted formats.”

The origin of the breach comes from hackers compromising a small
number of employee log-in credentials, which gave access to eBay’s
corporate network. eBay says it is working with law enforcement and
leading security experts to “aggressively” investigate the matter.

Most troubling is the database was compromised between late February
and early March and was not detected until two weeks ago. The hackers
gained access to information including eBay customers’ names, their
encrypted passwords, email, registered addresses, phone numbers and
date of birth.

More positively eBay says the database did not hold financial
information as that is stored separately. Furthermore it has not seen
any evidence of a rise in fraudulent activity or additional attempts
to gain entry to Paypal. Like eBay’s financial information, Paypal
data is also stored separately.

eBay is taking the breach extremely seriously stating that users
employing the same password across eBay and other sites should also
change those passwords. It stresses your eBay password should be
unique.

Any sizeable security breach will hit a company hard, but it will be
doubly tough for eBay given the site’s focus on buyer and seller
reputations. eBay has long been saddled with a reputation for dodgy
listings and phishing scams. Something the site has worked hard to
improve.

Needless to say all users should act now as the full fallout from the
hack will inevitably only come to light in the coming days and weeks.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
