According to reports published online, Internet auction giant eBay was hit with a massive security breach that potentially affects millions of customer accounts. According to the company, the breech was discovered earlier this month. Customer data was likely stolen as early as February or March. eBay boasts a user base of over 145 million. The company has not specified how many of these users have been affected, but say the number is large.
The security breach, the largest in eBay history. Industry insiders say attackers gained access to encrypted customer information after obtaining employee log-in credentials.
On eBay’s website (although buried in a section of the site most users won’t find), the company said that no financial data was compromised. eBay also claims that Paypal, an eBay subsidiary, and the largest payment processing service on the internet, was not compromised in the hack as its files are stored separately on a secured network. Additional eBay affiliate sites, such as StubHub, eBay Classifieds, Tradera, GMarket, GumTree and GittiGidiyor were also unaffected by the breach.
eBay also plans to send each of its users an email explaining the situation later today.
In response to the intrusion, eBay has contacted federal law enforcement and is asking customers to change their login credentials immediately. Also, if you use your eBay password on other internet sites, the company recommends that you change those passwords as well.
What customer information was accessed?
eBay representatives claim the information stolen included the following:
- Customer name
- Encrypted password
- Email address
- Physical address
- Phone number
- Date of birth
eBay believes that they have shut down unauthorized access to their site and have put additional security measures in place to stop a repeat of the breach. The company also reiterates that it has strong protections in place to protect buyers and sellers in the event of any fraudulent activity on compromised accounts.
Ay caramba! as Bart Simpson would note. I still have not received the e-mail but changed my password. If they knew about this a while ago, why did they wait as so often happens to announce it? We should have been informed immediately so we could change out log in info. then. And I would suggest changing Paypal too just in case.
Target’s business took a big hit because they were not proactive enough about their breach, and it’s disappointing to see another company appear to be reacting in a similar fashion.
After reading today’s NY Times article I would say e-Bay is being more proactive than Target was. But I never did get the e-mail.
Affects
Bruce – Thank you …. your are 100% correct !
We have changed the title and content on this post to correct our error.
I take it as a compliment that visitors such as yourself are smarter than we are, and yet still come to the site. Your “correction? is much appreciated.
Best
Scott
Ok, so even if nothing bad happened with eBay accounts the fact that the culprits now have this information is very disturbing:
Customer name
Email address
Physical address
Phone number
Date of birth
With that information it would likely be quite easy to proceed with identity theft.
I noticed they don’t mention social security numbers but with the information they do
have it probably won’t be hard to obtain them elsewhere.
Bummer.