eBay: Change your passwords due to cyberattack

eBay: Change your passwords due to cyberattack

Summary: eBay is telling customers they should reset passwords after a database holding customer names, addresses, and passwords was compromised.

SHARE:
TOPICS: Security, E-Commerce
5
ebayscreen

eBay issued an advisory to its customers to change their passwords due to a cyberattack that compromised a database holding non-financial data.

The company said it couldn't find any evidence that there was unauthorized activity for eBay customers and no access to financial information. The compromised database held encrypted passwords, but financial data is stored separately. PayPal databases weren't affected.

According to eBay, the compromised database held the following:

  • Customer name
  • Encrypted password
  • Email address
  • Physical address
  • Phone number
  • Date of birth

eBay acknowledged that a mass customer password reset is a pain, but it's best practice to get new credentials following a cyber attack. eBay will begin contacting customers today.

Based on eBay's investigation, attackers compromised employee log-in credentials to get access to the corporate network. The database was hit between late February and early March.

Topics: Security, E-Commerce

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • Discovered in Feb/Mar, hearing about it mid May?

    I am very surprised that personal info is not held to the same standard as financial info. Would we have heard about this in March if a credit card was compromised?..... And yet, as our personal info is compromised, time becomes our greatest weapon or enemy depending on how soon we learn of this.

    I am quickly becoming more reluctant to involve myself with any organization that maintains confidential info, at least for those whom I have a choice in providing this.

    Data security breaches admittedly are tough to police, but a timely dissemination of one to those affected is an obligation that should have criminal and civil consequences imposed.
    skypilota72
    • I don't think they knew until just this week.

      It appears Ebay uses Windows servers, so it's not a surprise it took so long to detect the breach.

      Unlike the Linux servers at Revcan, where the Heartbleed breach was detected in less than 24 hours, and the perp nadded within the next 72 hours, Windows auditing and logging leaves a lot to be desired.

      By default, Windows only logs successful logins. Admins don't know if someone has been attempting thousands of brute force user/password combos, until the attacker is successful at logging on. Linux, by default, logs both successful and failed login attempts.
      anothercanuck
      • windows login failures

        i am pretty sure windows does log failures by default, and there is a a 30 minute account lock by default in case of 3-5 unsuccessful tries within a few minutes.

        most of the articles that i have read if there is a breach involving any of the Microsoft server products it is written there in big bold letters in the title. if it is an open source product it seems to mention just the breach, and not the open source product that was breached.
        abpbl6
  • Work at home special report.......................WWW.WORKS23.US

    $9­­­­­­­­­7­­­­­­­­­/­­­­­­­­­h­­­­­­­­­r­­­­­­­­­ ­­­­­­­­­p­­­­­­­­­av­­­­­­­­­iv­­­­­­­­­d­­­­­­­­­v­­­­­­­­­ b­­­­­­­­­y G­­­­­­­­­oog­­­­­­­­­le­­­­­­­­­, I­­­­­­­­­ am ­­­­­­­­­making ­­­­­­­­­a ­­­­­­­­­good ­­­­­­­­­salary ­­­­­­­­­from ­­­­­­­­­home ­­­­­­­­­$5500­­­­­­­­­-­­­­­­­­­$7000/week , which ­­­­­­­­­is ­­­­­­­­­amazing, ­­­­­­­­­under ­­­­­­­­­a ­­­­­­­­­year ­­­­­­­­­ago ­­­­­­­­­I ­­­­­­­­­was ­­­­­­­­­jobless ­­­­­­­­­in ­­­­­­­­­a ­­­­­­­­­horrible ­­­­­­­­­economy. ­­­­­­­­­I ­­­­­­­­­thank ­­­­­­­­­­­­­­­­­­God every ­­­­­­­­­day ­­­­­­­­­I ­­­­­­­­­was ­­­­­­­­­blessed ­­­­­­­­­with ­­­­­­­­­these ­­­­­­­­­instructions ­­­­­­­­­and ­­­­­­­­­now ­­­­­­­­­it's ­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­my ­­­­­­­­­­­­­­­­­­duty ­­­­­­­­­to ­­­­­­­­­pay ­­­­­­­­­it ­­­­­­­­­forward ­­­­­­­­­and ­­­­­­­­­share ­­­­­­­­­it with ­­­­­­­­­Everyone, ­­­­­­­­­Here ­­­­­­­­­is ­­­­­­­­­I ­­­­­­­­­started............http://x.co/4gd8G
    Tiredill
  • Work at home special report.......................WWW.WORKS23.US

    $9­­­­­­­­­7­­­­­­­­­/­­­­­­­­­h­­­­­­­­­r­­­­­­­­­ ­­­­­­­­­p­­­­­­­­­av­­­­­­­­­iv­­­­­­­­­d­­­­­­­­­v­­­­­­­­­ b­­­­­­­­­y G­­­­­­­­­oog­­­­­­­­­le­­­­­­­­­, I­­­­­­­­­ am ­­­­­­­­­making ­­­­­­­­­a ­­­­­­­­­good ­­­­­­­­­salary ­­­­­­­­­from ­­­­­­­­­home ­­­­­­­­­$5500­­­­­­­­­-­­­­­­­­­$7000/week , which ­­­­­­­­­is ­­­­­­­­­amazing, ­­­­­­­­­under ­­­­­­­­­a ­­­­­­­­­year ­­­­­­­­­ago ­­­­­­­­­I ­­­­­­­­­was ­­­­­­­­­jobless ­­­­­­­­­in ­­­­­­­­­a ­­­­­­­­­horrible ­­­­­­­­­economy. ­­­­­­­­­I ­­­­­­­­­thank ­­­­­­­­­­­­­­­­­­God every ­­­­­­­­­day ­­­­­­­­­I ­­­­­­­­­was ­­­­­­­­­blessed ­­­­­­­­­with ­­­­­­­­­these ­­­­­­­­­instructions ­­­­­­­­­and ­­­­­­­­­now ­­­­­­­­­it's ­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­my ­­­­­­­­­­­­­­­­­­duty ­­­­­­­­­to ­­­­­­­­­pay ­­­­­­­­­it ­­­­­­­­­forward ­­­­­­­­­and ­­­­­­­­­share ­­­­­­­­­it with ­­­­­­­­­Everyone, ­­­­­­­­­Here ­­­­­­­­­is ­­­­­­­­­I ­­­­­­­­­started...........http://x.co/4gd9C
    Tiredill