eBay Inc. (Nasdaq: EBAY) confirmed yesterday on its blog that it experienced one of the biggest criminal cyberattacks ever and has asked its users to change their passwords.
“Changing passwords is a best practice and will help enhance security for eBay users,” said the blog.
The hackers compromised a small number of employee log-in credentials and gained unauthorized access to eBay’s corporate network.
Apparently, the database ‘that contained encrypted passwords and other non-financial data’ was compromised between late February and early March; however, eBay discovered the compromise only two weeks ago.
The breached data included sensitive personal information: customers’ names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth.
However, financial information and other confidential personal information about users were safe, the blog added.
After extensive forensics, the company identified the compromised database and added that:
“there was no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information.”
eBay tried to assuage the fears of PayPal users, saying there was no evidence of compromise to their personal or financial information. Moreover, their data are stored on a separate network.
The organization apologized for the inconvenience to its users and reaffirmed its commitment to information security and customer data protection.
“We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.”
eBay is planning to send out emails, use site communications and use appropriate marketing channels to ask its users to change their passwords, and also to change their passwords on other sites where the same password was used.
eBay, which generated USD 205 billion of commerce in 2013, had its shares nosedive initially following the breach news; the shares rebounded by afternoon.
This is not the first cyberattack against eBay. Recently, in February 2014, the Syrian Electronic Army (SEA), a notorious hacking group, hacked eBay and PayPal “For denying Syrian citizens the ability to purchase online products.”
In that attack, the SEA modified the DNS records of ebay.co.uk and paypal.co.uk and hacked into their domain registry managed by MarkMonitor.
The eBay attack could be the largest online breach following last year’s Target data breach, which impacted about 110 million customers.