eBay hack puts millions at risk of identity theft

“It’s difficult to quantify the danger customers may be in following the eBay
cyber attack, but of course any personal data in the wrong hands is bad news
and it appears that the attackers have gained access to customers’ names,
email addresses, physical addresses, phone numbers and dates of birth, as
well as encrypted passwords,” he said.

“The fact that this attack took place two to three months ago means the
attackers have had additional time with which to attempt to decrypt the
stolen passwords as well as make use of the other personal data.

“The worrying thing is that many people use a single password for more than
one internet site and so if the passwords are compromised, they could be at
further risk from cyber-criminal activity. The time lapse here highlights
the urgency for customers to change not only their eBay and PayPal passwords
but also on any other site that they use the same log-in details for.”

Paul Martini, chief executive at iboss Network Security, said that eBay could
be viewed as the “golden goose of hacking targets” because of the
vast scale of information it holds.

“The damage could well have already been done, as the time lag between
the cyber breach and the discovery of the breach is in the months,” he
said. “Cyber hackers may not hit the obvious target of siphoning money
or goods out of eBay; they may take the personal information gained from the
database and target other popular sites.”

It is thought that hackers managed to access some eBay employee log-ins which
gave access to the company’s corporate network. From there the attackers
were able to access the database containing users’ information and steal the
data.

Today eBay said that it is “aggressively investigating the matter”
along with law enforcement agencies in the US, because all of the company’s
servers are based there, and will be using the “best forensic tools”
to track down the culprits.

The company will be sending an email to each user today to notify them of the
data breach and ask them to change their password. They will also be advised
to change their log-in on any other websites if they used the same password
there.

It will also be making changes to its website within the next 24 hours that
will force users to change their password the next time that they log on.

“We believe we have shut down unauthorised access to our site and have
put additional measures in place to enhance our security,” it said.

It is not yet clear why there was such a long delay between the attack and
users being informed, but eBay says that it first discovered the attack “earlier
in May”. Since then the company has been performing a “forensic
analysis”, the Telegraph was told.

Article source: http://www.telegraph.co.uk/technology/internet-security/10847374/eBay-hack-puts-millions-at-risk-of-identity-theft.html

Technorati Tags: ,

Tags: ,

Leave a Reply