eBay issued an official declaration on Wednesday, May 21, 2014 that one of its databases had been hacked. The worst part? This database, which housed users’ passwords, was compromised. But, there is a silver lining to all of this – no information has been stolen.
None that they know of, anyway. The auctioning website is still cautioning users to change their passwords in light of the attack.
Earlier Wednesday morning, PayPal (owned by eBay) posted a blog article asking users to change their passwords as soon as possible. For reasons unknown, PayPal’s article was promptly removed after being posted for a only few hours. This caused confusion among users, but the hack was later confirmed via an official statement from eBay on their site.
Apparently, the attack was detected two weeks ago, at which point eBay began to investigate the origins of the attack and how it took place. They discovered that the attackers had compromised several employee log-in credentials, which allowed them to access the auction house’s corporate network. The database, compromised sometime between late February and early March, held not only customers’ names, but also their encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth – literally everything that a hacker would need to access someone’s account or steal their identity.
eBay also states that they first noticed the compromised employee log-in data about two weeks ago, and between then and now, they had been trying to identify which database was accessed, and an announcement delay was the result.
eBay says, “After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing your passwords is a best practice and will help enhance security for eBay users.”
Michell Consulting Group couldn’t agree more. In light of all of the hacking attacks and vulnerabilities as of late (we’re looking at you, Heartbleed), changing your passwords on a regular basis is looking more and more appealing. eBay’s hack attack should be taken more seriously (128 million active users), and it shouldn’t have taken two weeks to resolve the problem.
You don’t want to take risks with your sensitive information, and Directive can monitor your systems to ensure you don’t get hacked, like eBay did. Most importantly, we won’t wait two weeks to let you know if you have. We’ll resolve the issue as quickly as possible remotely, so you don’t have to experience any downtime.