EBay initially thought customer data not compromised

E-commerce

by CBR Staff Writer| 26 May 2014

EBay is under severe criticism for 'delayed' notification.

Amidst growing criticism of EBay's delayed notification of the breach, the online marketplace said that it initially believed that the customer information is safe following the breach was detected.

EBay is under severe criticism for any possible delay in notification, following hackers compromised 145 million user data, as forensic investigation found that the breach was detected in early May while it was reported last week.

EBay Marketplaces Business Unit president Devin Wenig told Reuters, "For a very long period of time we did not believe that there was any eBay customer data compromised."

Wenig added that the company moved "swiftly to disclose" the breach after it found that customer data has been compromised.

According to the company the hackers used credentials of three of its corporate employees to break into the user database. The company also added that during the breach the data of all users including email addresses and encrypted passwords were accessed by hackers.

Wenig added, "Millions" of users have since reset their passwords and the company had begun notifying users, though it would take some time to complete that task."

"You would imagine that anyone who has ever touched eBay is a large number," he said.

"So we're going to send all of them an email, but sending that number all at once is not operationally possible."

"We want to make sure it doesn't happen again so we're going to continue to look our procedures, harden our operational environment and add levels of security where it's appropriate."

The company last week said, the its database was compromised between late February and early March, included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth.

EBay however at that time denied that the compromised database contain any financial information or other confidential personal information.

The company said that the compromised employee log-in credentials were first detected about two weeks ago. It added that PayPal data has not been compromised as it is stored in a separate network and all PayPal financial data is encrypted.

Currently the company has no plan to offer compensation to any customer saying that there is no financial loss reported so far.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

754 people like this.
0 people follow this.

E-commerce Intelligence

Buy the latest industry research online today!
See more

Suppliers Directory

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.