More than 230 million eBay users were notified last night to change all of their passwords amid fears their personal data might have been stolen in a major cyber attack.
Every one of the online auction site’s customers around the world will be asked to reset their logins after hackers broke into a database containing encrypted passwords, names, email and home addresses, phone numbers and dates of birth.
They were also being urged to change logins on all other sites where they used the same password.
Paul Martini, of iboss Network Security, said the huge amount of data held by the site made it a ‘potential gold mine’ and users must follow the advice to change all passwords. But he warned: ‘The damage could well have already been done, as the time lag between the cyber breach and the discovery of the breach is in the months.’
The hackers were said to have ‘compromised’ log-ins belonging to a small number of eBay staff to gain access to its corporate network. It was first detected two weeks ago but an investigation showed it probably happened between late February and early March.
Ebay said it was unable to say how many users’ details were accessed. It insisted there was no evidence that financial or credit card details had been compromised. Data from PayPal, the payment service owned by eBay, is stored separately and is not affected.
But IT security experts, who described eBay as ‘the golden goose of hacking targets’, warned users had been left vulnerable to phishing scams and identity fraud.
Michela Menting, of ABI Research, said: ‘It remains to be seen whether the defence and response mechanisms in place will stand up to scrutiny now that the attack has been publicised.’
News of the hack attempt emerged today when a message was posted on PayPal under the headline ‘eBay Inc. To Ask All eBay Users To Change Passwords.
Even more reason to keep your trading safe and local on our Australian Baby Bargains site don’t you think? *shameless plug*