eBay cyberattack: What should I do?


by Ben Sullivan | 22 May 2014

Over 220m customer accounts have been compromised in one of the largest ever cyberattacks.

eBay has suffered a cyberattack which has resulted in the breach of 223m customers' personal data.

In what may be the biggest ever commercial cyber attack to date, eBay said the breach was detected over two weeks ago but customers' financial information was not at risk.

However, a database containing encrypted passwords as well as names, email addresses, physical addresses and phone numbers was compromised.

Over 14 million active eBay accounts are in use in the UK, with the total number of customer accounts worldwide reaching 233 million.

In a statement, eBay said the database was breached between late February and early March. PayPal said that its service has not been affected and customers' financial information is safe.

David Emm, a security researcher at cybersecurity firm Kaspersky, said: "It's difficult to quantify the danger customers may be in following the eBay cyber-attack, but of course any personal data in the wrong hands is bad news and it appears that the attackers have gained access to customers' names, email addresses, physical addresses, phone numbers and dates of birth, as well as encrypted passwords.

"The fact that this attack took place two to three months ago means the attackers have had additional time with which to attempt to decrypt the stolen passwords as well as make use of the other personal data. While it might seem as though eBay has been slow to respond, if the company has only just discovered the full extent of the attack it is now doing the right thing by notifying customers in a timely manner."

Matt Middleton-Leal, a director at security firm CyberArk, said: "The very fact that just a 'small number' of compromised accounts has resulted in such significant access to eBay's corporate network is extremely concerning. Clearly, there has not been enough attention paid to protecting privileged access accounts, where one small human error or mistake can cause an enterprise-wide security breach."

The breach was not related to the Heartbleed bug, discovered earlier this year.

Emm said: "Many people will also be asking whether this is related to Heartbleed. I suspect that the two are not linked, although of course we can't rule it out. The Heartbleed bug has been around for two years and was discovered after this attack took place.

"However, eBay states that the leaked information was a result of a compromised database, whereas Heartbleed is a vulnerability that lies in the mechanism used to encrypt data."

This attack is larger than the one the US retailer Target suffered in December 2013, where 40m customer credit cards were stolen. Target's CEO had to resign in May because of the matter.

Go to the next page for a guide on what you should do with your eBay account.
