Apparently it’s a bad week for hacking, as eBay Inc (NASDAQ:EBAY) is now advising all users to change their passwords, saying that hackers compromised its database. Although it’s been a couple of months since the cyber-attack on eBay occurred, today’s notice comes within a day of a Dutch hacker group’s report that it was the first to hack into Apple Inc. (NASDAQ:AAPL)’s iCloud.
eBay notifies users
TechCrunch reports that an “odd blog post” showed up overnight but was taken down quickly. That post told users of eBay Inc (NASDAQ:EBAY)’s website to reset their passwords. Now the auction website has published an official statement saying that it has indeed been targeted in a cyber-attack.
eBay Inc (NASDAQ:EBAY) said today it will start contacting users to tell them to change their passwords. The auction website said the hackers were able to get into a database which contained encrypted passwords The company also said that “extensive” testing on its networks indicates that the hackers did not conduct any “unauthorized activity” on any of its users’ accounts or access financial or credit card information. eBay said financial information is “stored separately in encrypted formats.”
The website said it is currently working with law enforcement and Internet security experts to investigate the breach and plug holes in its security.
eBay breached through employee credentials
According to eBay Inc (NASDAQ:EBAY)’s official statement, the hackers broke into “a small number of employee log-in credentials.” That gave them access to the site’s corporate network. The cyber-attack reportedly occurred between late February and early March. The auction site said hackers accessed users’ names, encrypted passwords, addresses, dates of birth and phone numbers. One concern is that this sort of information could be used to steal the identities of users, if that’s what the hackers wanted to do.
eBay Inc (NASDAQ:EBAY) emphasized that no confidential or financial information was accessed, however. The company also said payment information for PayPal (its payment processing subsidiary) is stored apart from the accessed information on a secure network. It advises users who use the same password on sites other than eBay to change those passwords as well.
TechCrunch asked how many eBay Inc (NASDAQ:EBAY) accounts were breached. A spokesperson declined to say exactly, other than they believe it to be “a large number.” CNET reports that the breach could have affected 110 million eBay users and be the largest security breach since Target Corporation (NYSE:TGT)’s security problem late last year.
