eBay hacked, database breached and personal information compromised

Global auctioning site eBay has warned users to change their passwords in the wake of a recent cyber attack against the company. The popular service used by millions all over the world has suffered from a database breach, in which the safety of personal information such as names, passwords, and email addresses have all been compromised. The company has reassured that no financial information was contained within the database and neither was there any sign of a PayPal hacking. 

The attack itself occurred back in early spring in which cyber attackers gained access to a small number of employee's accounts; this resulted in unauthorized access to eBay's network, that enabled the criminals to obtain information from the database. A team of IT experts has been put to the task of a ruthless investigation, aiming to protect customers and their identities against further damage. 

The article quotes an eBay statement, saying: 

eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.

eBay users will be told to change their passwords imminently, the alert will arrive through each registered email address, and the sites communication feature will also notify accounts of the predicament.

The company is responsible for $205 billion (USD) of commerce in 2013, as well as functioning in more than 1,000 cities around the globe. Although impressive stats, many users may feel vulnerable when shopping on the site in the future. As to how much of an effect this breach will have on the company's extensive success, only time will tell. 

Source: eBay via Business Wire 

Thanks Max Norris for the tip!

Report a problem with article
Previous Story

Xbox One external hard drive support coming in June system update

Next Story

Spotify now has 10m subscribers, a 100% increase in 18 months

46 Comments

Commenting is disabled on this article.

Other than hacking, is there any other way to know the passwords in asterisk? I've heard that Micro keylogger can record password. Is that true?

WTF! No email or message in my messages to change my password, I have to find out from Neowin. Also, I went to change my password on ebayand got this message:
'
"Page not available"

"Ebay is asking its users to reset their passwords due to the unauthorized access to our corporate information network. This may result in a delay of service due to the high traffic volume. We ask for your patience and that you return to eBay soon. In the meantime, please be assured that no activity can occur on your account until your password is reset."

If all are smart you would also change your Paypal password to after all eBay dose own it as well just saying.

"A team of IT experts has been put to the task of a ruthless investigation, aiming to protect customers and their identities against further damage"

Is Neowin being paid by eBay? This hack and lack of notice are just 2 more reasons not to trust the tat bazaar.

I think it is inexcusable that eBay waited this long to tell anyone about this. I still haven't received any notification from them and would have known nothing about it if not for seeing it here on Neowin.

Thrackerzod said,
I think it is inexcusable that eBay waited this long to tell anyone about this.

Ditto that -- I haven't used my account in a couple years, zero email, nothing on the site, nada.. if you don't look at a news site chances are you'd still not know about it. Breaches happen, but dragging their feet this long to mention it is just negligent and borderline absurd.

...and internet-based companies get so angry or disappointed when people don't use them. Security of data? Hardly. There is a lot to be said about using the USPS.

Am I the only one who is concerned that they now have names, email address, home addresses and phone numbers too?

Also, why weren't we alerted about this earlier?

I'm a little puzzled as to why they didn't tell people immediately.

I wonder if eBay UK is affected, since if their UK databases, etc, have been stolen eBay are going to be in trouble over here (we have very strict data protection laws).

I am!

"My address, phone number, and email aren't confidential data at all...0_o"

That's what I was going to post when I saw that...two freaking months. It's a good thing all those nice websites now have my information to sell to people wanting to locate my house and office.

I haven't gotten an email from eBay about a password reset. Does this mean I wasn't affected or are they just slow?

Well I did just to be safe. But it is kind of disappointing that I have to rely on news reports of security breaches rather than eBay notifying me directly.

Enron said,
I haven't gotten an email from eBay about a password reset. Does this mean I wasn't affected or are they just slow?

I didn't get one either but I think it would be wise to assume that everyone is affected so definitely change your password. Unfortunately that doesn't help with them having our phone numbers, email addresses, home addresses, etc.

Do you think eBay loves you? ;)
jk eBay I think is a fantastic service but yea It may of been attacked in awhile ago, an audit sometimes only discovers such things months later, that's on eBay to rectify their process

what REALLY annoys me about eBay is you are only allowed to register one PayPal security key at a time and you can not use your cell phone A) At all and B ) in combination with a Security Key. Paypal lets you why not eBay? .. SUPER ANNOYING!

Well with PayPal, well in the U.K. when you change bank details they send a message to your bank, you then have to contact your bank and ask for the new code then you enter it an then can update and use PayPal.

leesmithg said,
Well with PayPal, well in the U.K. when you change bank details they send a message to your bank, you then have to contact your bank and ask for the new code then you enter it an then can update and use PayPal.

Last time I did that it wasn't a message sent to the bank, they actually made two small deposits into your bank account. You then typed those values into PayPal after checking your bank statement. It wasn't a message, and you didn't have to "contact" your bank per se.

warwagon said,
Two-Factor Authentication FTW!
Does eBay have two-factor authentication? (outside the US, that is)

Feels good not having to panic when this stuff happens-- everyone just needs to use crazyrandom passwords on every site they frequent ex ujf88DHf88e;;fkdjfjkdsYSUI

I would hope eBay encrypts any stored details but even still, If your passwords are unique from one another you have time, change password after you've ate breakfast or lunch

dingl_ said,
Feels good not having to panic when this stuff happens-- everyone just needs to use crazyrandom passwords on every site they frequent ex ujf88DHf88e;;fkdjfjkdsYSUI

Seeing that they broke into an eBay employee account and took the passwords I don't see what difference it makes how complex and random your password is; it's not like they are having to guess it now. They have the password, so yeah better change it right away.

Thrackerzod said,

Seeing that they broke into an eBay employee account and took the passwords I don't see what difference it makes how complex and random your password is; it's not like they are having to guess it now. They have the password, so yeah better change it right away.

That's not entirely correct. I am fairly certain eBay stores a hash of your password, so the hackers have the hash and they will still have to guess the real password - they cannot login using a hash. Only thing is they have infinite and fast guesses now, so the longer and more random your password, the longer it will take them to crack it.

rvdv said,

That's not entirely correct. I am fairly certain eBay stores a hash of your password, so the hackers have the hash and they will still have to guess the real password - they cannot login using a hash. Only thing is they have infinite and fast guesses now, so the longer and more random your password, the longer it will take them to crack it.

Even if they just have a hash it is still extremely important to change it. I wouldn't rely on a long password alone to keep me safe from this. I'm more concerned about my email and other personal info being taken, not much we can do about that now though.

rvdv said,

That's not entirely correct. I am fairly certain eBay stores a hash of your password, so the hackers have the hash and they will still have to guess the real password - they cannot login using a hash. Only thing is they have infinite and fast guesses now, so the longer and more random your password, the longer it will take them to crack it.

They likedly used Targeted Phishing, if they didn't, they would of gained access to pretty much everything in eBays control not just limited accounts

dingl_ said,
Feels good not having to panic when this stuff happens-- everyone just needs to use crazyrandom passwords on every site they frequent ex ujf88DHf88e;;fkdjfjkdsYSUI

Until you need to type that on your phone or tablet as well.