eBay Users Ask to Change Password

After the noted cyberattack, EBay Inc. asked the 145 million registered users to change their passwords to avoid the risk of data information leak.


On Wednesday, EBay said that the cyberattack compromised the database that contained encrypted passwords and other data. But the attackers were not able to access the database’ financial data. Users don’t have to worry that much because eBay’s Paypal Payments network were not exposed. Although, possibilities are some PayPal users may use the same name and password combination they use on eBay.


Encrypted passwords didn’t allow hackers to get the users’ actual password but only get a jumble of garbled text. Therefore, the passwords may be unusable for the mean time, said Avivah Litan, cybersecurity analyst at Gartner Inc.


The attack occurred from late February to early march and only detected about two weeks ago, said the San Jose Calif., company.  EBay said that the attackers had an access to the corporate network by compromising some login credentials of employees.


“We are cooperating with law enforcement on the investigation into the attack,” the spokeswoman said. “There is no evidence that customer financial information was compromised.”

Because eBay database includes passwords, email addresses, physical addresses, phone numbers and dates of birth, they encourage users who used the same password on other sites to change those passwords as well, just to make sure that their personal data are safe.


Gartne’s Ms. Litan said that the violation is a part of a broader trend among cybercriminals, who are seeking usernames and passwords for popular sites, such as eBay, in addition to credit-card numbers and Social Security numbers.


“Credentials are becoming attractive,” said Ms. Litan and hackers now are capable of seeing if victims still used the same username and password combination for their bank account.


The company has been doing “extensive tests” and so far, they found no evidence of unauthorized users’ activity, nor did it show any evidence of access to credit card or financial information. They said that the company’s financial data are stored in separate encrypted formats.


No group has suspected for the attack but eBay decided not to inform immediately the customers while the investigation is going on. Last month, eBay said it had 145.1 million active buyers, while its PayPal operation had 148.4 million active registered accounts.


EBay is just another target of cybercriminals. Last season, hackers took 40 million credit-and-debit-card numbers with 70 million customers’ personal-account information from Target Corp. Cyber attack is rampant and huge companies are now at risk.