EBay 'cyberattack' prompts password change warning
Company says no finanial information was stolen, but warns customers to change passwords
E-commerce giant eBay Inc. is asking customers to change their passwords after a recent hack that the company says exposed customer names and passwords, but didn't manage to steal any financial information.
The company says the attack happened between February and March when hackers accessed a database containing customer names, encrypted passwords, email addresses, birth dates, physical addresses and phone numbers.
"Beginning later today [Wednesday] it will be asking eBay users to change their passwords because of a cyberattack," eBay said in a statement.
"The compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today."
PayPal not affected
The company says it has found no evidence of any unauthorized access to financial or credit card information, or any fraudulent sales activity connected to the breach.
EBay says it has an "active investigation" into the matter and is working with law authorities, and as such can't comment on the number of customer accounts affected. For now, it is urging all customers to change their passwords as a precaution.
The company also owns electronic payment service PayPal, but eBay says there is no evidence PayPal information was hacked, since that information is stored separately on a secure network.
The breach comes on the heels of several high-profile online security scandals at other companies, including Target, which exposed the customer data for 70 million people last fall. And in March, a worldwide web bug known as Heartbleed left as many half a million websites vulnerable to being hacked because of a flaw in a commonly used source code known as Open SSL.
Ken Owen, a cybersecurity expert at McMaster University in Hamilton, Ont., says eBay's just the lastest victim of a round of cyberattacks that are likely to become more and more common.
"It's better to take it on the chin and let people know that there's a problem than to try and disguise it," he says. "Every aspect of your business is tied to information technology now … so, you're always vulnerable in that sense."
"You have to stay on top of this all the time," he says.