145 million active accounts affected by eBay breach

May 22nd, 2014 / Category: Managed File Transfer

On Wednesday, popular auction site eBay urged its users to change their account passwords following the recent discovery of a breach that occurred sometime between late February and early March. This incident is the latest in a string of recent cybercrimes, including large-scale retail breaches, pointing to the importance of utilizing secure file sharing solutions and staying vigilant about data security.

145 million passwords compromised
Hackers were able to enter the company's network, gaining access to some 145 million active buyers' accounts, making the incident one of the biggest breaches in history. Although the firm reports that it hasn't observed any suspicious behavior as a result of the attack, it is advising customers to change their login information immediately, in line with security best practices.

Importantly, the breach investigation to date indicates that it did not expose any sensitive financial data, eBay explained. PayPal, a division of the company, stores its information separately. Nonetheless, cybercriminals could theoretically use customers' eBay passwords and other compromised information to gain access to other accounts or sites.

"When sites are breached and passwords are exposed, popular services such as Facebook and Gmail tend to get an influx of login attempts using the breached credentials," Craig Young, Tripwire's security researcher, told E-Commerce Times. "Once an attacker gains access to additional services, they try to use that to compromise other accounts through password reset procedures."

The data exposed in the breach includes:

  • Customers' names
  • Encrypted passwords
  • Email addresses
  • Physical addresses
  • Phone numbers
  • Dates of birth

Encryption mitigates breach consequences
Despite the massive scale of this incident, the consequences of the hack could be alleviated to some extent because eBay encrypted the passwords. Amanda Miller, eBay's spokeswoman, told Reuters that the company has no reason to believe the cybercriminals cracked the code to unscramble the passwords.

"There is no evidence of impact on any eBay customers," Miller explained to the source. "We don't know that they decrypted the passwords because it would not be easy to do."

Nonetheless, breaches like this can have a serious impact on both customers and businesses. People with eBay accounts are being urged to change their login credentials and adhere to higher security measures, such as utilizing stronger passwords and taking advantage of two-factor authentication whenever available. Companies that have their networks compromised by hackers face public relations struggles, lost revenue, investigation expenses, and possible legal fees.

eBay's breach remains under investigation and the company has committed to keeping consumers abreast of developments via email and other communications.