The online auction website eBay is urging customers to reset and change their passwords after cyber criminals hacked into eBay and stole a database of client information, including customer names, account passwords, email address, birth dates, physical addresses and telephone numbers.
The attack occurred through employee accounts that were compromised which then permitted unauthorized access to its corporate network. The security vulnerability took place in late February and early March but was only detected two weeks ago.
EBay, which made the announcement Wednesday, is resetting everyone’s passwords as a precautionary measure. The company stated that the passwords were encrypted but were unsure if the hackers could decrypt them. So far, eBay has yet to discover any unauthorized access to credit card or financial information or enhanced fraudulent activity across the auction landscape.
In addition, with approximately 148 million active accounts, eBay is not confirming how many were actually affected by the cyberattack. However, a spokesperson for eBay said the hacking hurt “a large number of accounts.” eBay is a hub for many entrepreneurs and small business owners some of which were undoubtedly affected.
“For the time being, we cannot comment on the specific number of accounts impacted. However, we believe there may be a large number of accounts involved and we are asking all eBay users to change their passwords,” eBay spokeswoman Kari Ramirez told Reuters.
Customers of eBay should be receiving an email throughout Wednesday and Thursday to inform that they should modify their password.
PayPal, a subsidiary of eBay, confirmed that it was not a victim of the security breach because it is maintained on a separate network – eBay posted a notice on the PayPal website urging users to change their passwords but the message was taken down a short time later, according to CNN.
After the news made headlines, eBay shares fell sharply by 3.2 percent during the Wednesday morning trading session.
Recent Hacking Attacks
During the holiday season last year, Target was the victim of a major hack that involved the theft of customer names, credit and debit card numbers, expiration dates and card verification values (CVVs) from approximately 40 million accounts.
Experts say hackers had gained access to point-of-sale data and obtained the client information through the terminals or collected the data when it was transferred from Target to the credit card processors.
Last month, AOL confirmed that email accounts were hacked and the culprits had garnered users’ email addresses, mailing addresses and information on contacts in their address book. The media company refused to confirm how many accounts were compromised. It transpired when hackers had unauthorized access to AOL’s networks and systems.
“This information included AOL users’ email addresses, postal addresses, address book contact information, encrypted passwords and encrypted answers to security questions that we ask when a user resets his or her password, as well as certain employee information,” AOL said in a blog post. “We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly [two percent] of our email accounts.”
In the summer of 2013, the New York Times website was down for a second time after it reported of a malicious attack. The security incident was attributed to the Syrian Electronic Army (SEA), which has been blamed for various hacks in recent years.
