eBay hacked, urges 128 million active users to change passwords

E-commerce giant eBay has had to ask 128 million active users to change their passwords after it emerged that it had fallen victim to a cyber attack and its database had been compromised.

Since it emerged that many of the web’s biggest sites had been hit by the Heartbleed bug, potentially compromising a vast amount of personal data, web users have been even more concerned about where the next big data breach was coming from.

But on 21 May, eBay admitted that not even the e-commerce giant itself was immune, after it emerged that one of its databases was compromised during late February and early March.

The problem was originally detected a couple of weeks ago, but the company’s forensics have only just determined which database was affected – a delay which has already drawn criticism from some corners.

It has now admitted that hackers had managed to compromise the log-in details of a small number of eBay employees, granting them access to the corporate side of the site.

Through this they managed to access a database which stores a host of details such as customers’ names, encrypted passwords, physical and email addresses and dates of birth.

Fortunately, eBay maintains that financial information is stored separately, so that type of personal data is believed to be safe. Though the company admits it cannot be sure how many users’ information was compromised, eBay says that its own tests have found no evidence of unauthorised activity.

However, it is now asking all of its users to change their passwords to protect them in the future – as well as the passwords on any other accounts where they may have been using the same password.

“Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers,” the company said in its statement.

“We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.”

A wave of concern engulfed the media yesterday after the company appeared to accidentally post an incomplete version of its announcement on the PayPal blog early. The article included the line “placeholder text”, but still sparked a furore as media sources warned users to change their passwords.

Web users need to be keenly aware of the importance of regularly changing their passwords, as well as using different passwords for each account they have. As eBay points out, it represents best practice as a means of keeping your account safe from cyber attacks.