Ebay, the popular online auction site used by over 145 million users worldwide, have today had to take the humbling step of admitting that they have been compromised. Users are advised to update their passwords at this link immediately.
The details aren't entirely known yet, but the official statement issued by ebay
lets us know that hackers managed to obtain the account credentials of a small number of their employees, which thereby gave the hackers access to the entire ebay employee network. Their intrusion remained undetected for some time, and it is believed that they managed to retain full access to this network between late February and early March. While there, it is assumed that the hackers managed to make copies of vast amounts of user data, including usernames, encrypted passwords, email addresses, physical addresses, phone numbers, dates of birth, and possibly more. This dossier of information could be greatly valuable to malicious users if they launch identity theft attacks.
It's important to note that financial information stored by PayPal, which is owned and operated by ebay, was not compromised in this attack.
While the passwords that were stolen were encrypted, this does not mean that they are useless to the hackers. It is possible that they stole the keys that were used to encrypt them, which would mean that they could easily reverse the encryption and get access to the actual passwords. Alternatively, if the encryption used by ebay was weak, it's possible for the hackers to methodically guess the key until they get it right, which could be done in as little as a few hours depending on the strength of the encryption and the computing power the hackers have available.
Ebay will be sending out more information to all of their users presently, but for maximum security you can act now:
- Immediately head to ebay.com and change your password
. This will make the stolen password outdated and useless. Similarly, if you use the same password on any other site (someting that you should never do, regardless of how much easier it makes your life), you will need to update all of these passwords too. Remember, the hackers also took email addresses, which are often used as account names. If they know your email address and password for ebay, they could easily try the same combination on Google, Facebook, Twitter, or any other site.
- Download and keep updated a reliable and trusted antivirus app. We recommend our own CM Security, available for free on Google Play
. We have sent out a notification to all of our users about this leak, ensuring that they can keep on top of this situation before it becomes a problem. We will act similarly in the future for any other serious security issues.
Get CM Security for free on Google Play!