Enterprise IT/Software

EBay initially thought customer data not compromised

Software CBR Staff Writer

09:55, May 26 2014


EBay is under severe criticism for 'delayed' notification.

Amidst growing criticism of EBay's delayed notification of the breach, the online marketplace said that it initially believed that the customer information is safe following the breach was detected.

EBay is under severe criticism for any possible delay in notification, following hackers compromised 145 million user data, as forensic investigation found that the breach was detected in early May while it was reported last week.

EBay Marketplaces Business Unit president Devin Wenig told Reuters, "For a very long period of time we did not believe that there was any eBay customer data compromised."

Wenig added that the company moved "swiftly to disclose" the breach after it found that customer data has been compromised.

According to the company the hackers used credentials of three of its corporate employees to break into the user database. The company also added that during the breach the data of all users including email addresses and encrypted passwords were accessed by hackers.

Wenig added, "Millions" of users have since reset their passwords and the company had begun notifying users, though it would take some time to complete that task."

"You would imagine that anyone who has ever touched eBay is a large number," he said.

"So we're going to send all of them an email, but sending that number all at once is not operationally possible."

"We want to make sure it doesn't happen again so we're going to continue to look our procedures, harden our operational environment and add levels of security where it's appropriate."

The company last week said, the its database was compromised between late February and early March, included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth.

EBay however at that time denied that the compromised database contain any financial information or other confidential personal information.

The company said that the compromised employee log-in credentials were first detected about two weeks ago. It added that PayPal data has not been compromised as it is stored in a separate network and all PayPal financial data is encrypted.

Currently the company has no plan to offer compensation to any customer saying that there is no financial loss reported so far.


Post a comment

Comments may be moderated for spam, obscenities or defamation.