eBay has suffered a cyberattack which has resulted in the breach of 223m customers' personal data.
In what may be the biggest commercial cyberattack to date, eBay said the breach was detected over two weeks ago but that customers' financial information was not at risk.
However, a database containing encrypted passwords as well as names, email addresses, physical addresses and phone numbers was compromised.
Over 14 million active eBay accounts are in use in the UK, with the total number of customer accounts worldwide reaching 233 million.
In a statement, eBay said the database was breached between late February and early March. PayPal said that its service has not been affected and customers' financial information is safe.
David Emm, a security researcher at cybersecurity firm Kaspersky, said: "It's difficult to quantify the danger customers may be in following the eBay cyber-attack, but of course any personal data in the wrong hands is bad news and it appears that the attackers have gained access to customers' names, email addresses, physical addresses, phone numbers and dates of birth, as well as encrypted passwords.
"The fact that this attack took place two to three months ago means the attackers have had additional time with which to attempt to decrypt the stolen passwords as well as make use of the other personal data. While it might seem as though eBay has been slow to respond, if the company has only just discovered the full extent of the attack it is now doing the right thing by notifying customers in a timely manner."
Matt Middleton-Leal, a director at security firm CyberArk, said: "The very fact that just a 'small number' of compromised accounts has resulted in such significant access to eBay's corporate network is extremely concerning. Clearly, there has not been enough attention paid to protecting privileged access accounts, where one small human error or mistake can cause an enterprise-wide security breach."
The breach was not related to the Heartbleed bug, discovered earlier this year.
Emm said: "Many people will also be asking whether this is related to Heartbleed. I suspect that the two are not linked, although of course we can't rule it out. The Heartbleed bug has been around for two years and was discovered after this attack took place.
"However, eBay states that the leaked information was a result of a compromised database, whereas Heartbleed is a vulnerability that lies in the mechanism used to encrypt data."