Ebay on Wednesday released a warning to all its users to change their passwords following a security hack that compromised a database containing encrypted passwords and other non financial data.
Simultaneously the Ecommerce giant reassured its consumers that for the moment there are no evidence of any unauthorized activity or access to financial or credit card information, which they say are kept separately in encrypted format.
Ebay does not seem to be too concerned about this stolen personal information like postal addresses and dates of birth, as they assert the stolen identities could not be used to access other companies owned by the auction site, including PayPal or GumTree.
But others have different thought saying that the repercussions of this data theft could be felt for a long time after the break-in since we are dealing with identity theft.
The fact is that someone in now claiming to have a copy of the Ebay’s stolen database and is selling that for 1.45 bitcoin (£447) via the website Pastebin.
Ebay took two months to discover it had been hacked as no unusual activities were detected until May. Apparently a couple of employees company identities were stolen in February, after that the compromised database, which included eBay customers’ names, encrypted passwords, email addresses, mail addresses, phone numbers, and dates of birth, was hacked between late February and early March.
Ebay realized the attack just recently after the repeated attempts to access a database that was restricted for the two identities.
Now some customers are complaining on eBay Community forums saying that they didn’t receive much information about the breach from eBay and have yet to get notifications by email, which the company has promised to do.
The good part is that apparently Paypal doesn’t seem involved in the security attack.
Nevertheless this is another warning call for organizations that need to take an very careful approach to internet security, hacker are more and more capable and keen to get sensible data.