Yesterday eBay asked its customers to change their passwords in the wake of a hacker raid that occurred three months ago, reports Reuters. A large part of a 145 million user record database was snatched from eBay's servers in the huge data breach. The hackers gained access to the records after they managed to obtain the login details of a number of eBay employees, so they could access the corporate network.
The purloined passwords were stored in an encrypted form by eBay and there is currently no reason to believe that hackers have managed to unscramble them. "There is no evidence of impact on any eBay customers," eBay spokeswoman Amanda Miller told Reuters. "We don't know that they decrypted the passwords because it would not be easy to do."
While the passwords might be safe it sounds like a lot of other vital identifying customer data might not be. Ms Miller told Reuters that "email addresses, birth dates, mailing addresses and other personal information" were also downloaded by the hackers. Also it's good to know that following the breach there has so far been no evidence of increased fraudulent activity, so far.
eBay sought to reassure us that the "exposed database didn't include financial data," reports the Wall Street Journal. However if you use the same username and password on eBay and PayPal you could have a problem. Users are recommended to change passwords and not share passwords among sites.
David Emm, senior security researcher at Kaspersky Lab, emailed HEXUS with a comment on the breach. He said that the hackers have already had up to three months to work on the encrypted passwords as well as try and leverage the other personal data. However as eBay has only just discovered the breach it is "doing the right thing by notifying customers in a timely manner". Emm also sought to drill home the message about not using the same passwords among the websites that you visit.
Have you changed your eBay password yet?
