eBay has today admitted that its database of millions of users has been compromised in a cyber attack.
In a statement on its website the company said it was aware of unauthorised access to its systems that may have exposed some customer information.
“Our company recently discovered a cyber attack that compromised a small number of employee log in credentials, allowing unauthorized access to eBay’s corporate network. As a result, a database containing encrypted passwords and other non-financial data was compromised.
“There is no evidence that financial data was compromised and there is no evidence that PayPal or our customers have been affected by the unauthorised access to eBay systems. We are working with law enforcement and leading security experts to aggressively investigate the matter,” the company said.
eBay has also taken the unprecedented step of asking all eBay users to change their passwords.
The online marketplace said a cyber attack that occurred in February, and that the company only just became aware of, meant its database containing users’ encrypted passwords was hacked.
The company believes that because the passwords are encrypted, the accounts of users remain secure – yet, it is still encouraging buyers and sellers alike to change their password.
“[We] don’t want to take any chances. We take security on eBay very seriously, so, we encourage you to change your password,” the company stated.
However, security experts are questioning why all the data wasn’t encrypted, not just the passwords.
The company said it is looking at ways to strengthen its security, and in the coming days and weeks is likely to introduce new security features.
As it stands there is little either the company or customers can do to retrieve the private data that was taken – more than a hundred million usernames, passwords, phone numbers, addresses, birthdates and emails of its users.
Lysa Myers, security researcher at digital protection company ESET, commented that the cyber attack could have been worse had the financial data been kept together with the passwords and personal customer information.
However, because of the nature of the database, the breach does open up the possibility for other types of scams such as phishing attempts.
“As such, eBay users should be advised to be on the lookout for suspicious messages, and avoid clicking on links in email. Whenever in doubt, go directly to the site by typing its URL into the browser rather than by following links in emails,” Myers said.
“If you are an eBay user, this would be a good time to make sure your new password is a very strong one, and unique from your other online accounts. If you have not yet started using a password manager, this could be a good time, as they can be very helpful in creating and maintaining strong passwords for each online account you use,” she added.
