Published May 21, 2014
EBay (EBAY) said Wednesday it discovered a cyber attack against a corporate information network that contained encrypted passwords, but the e-commerce giant found "no evidence" any financial information was compromised.
In a statement to FOX Business, spokesperson Kari Ramirez said the company is "taking every precaution" to protect its users. As part of that defense, eBay will ask users to change their passwords. The San Jose, California-based company also suggested changing passwords on other websites if they mirror ones used on its platforms.
The hackers broke into eBay’s network by compromising a "small number" of employee login credentials, which allowed the attackers to glean access to eBay's corporate network.
The database that was compromised between late February and early March contained a hodgepodge of personally-identifiable and other information, including: names, encrypted passwords, telephone numbers, physical addresses and dates of birth.
“Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers,” eBay said in a press release.
In fact, the FBI’s San Francisco field office confirmed to FOXBusiness.com that it's looking into the eBay breach, but wouldn't comment on the timeline of the probe.
EBay said, thus far, it has seen “no indication” of increased fraudulent activity across the e-commerce site. Meanwhile, the company’s payment-processing unit, PayPal, has seen “no evidence of unauthorized access or compromises to personal or financial information.”
PayPal users’ financial information is stored in an encrypted format on a separate network, eBay noted. The digital payment unit processes 9 million payments a day and serves more than 148 million active user accounts across 193 markets, according to eBay’s website.
Larry Ponemon, chairman and founder of the Ponemon Institute, which specializes in data-security issues, said it is “very unusual for eBay” to have an attack like this since the firm is generally seen as an “exemplar” of strong and sophisticated cyber defensives.
He said while the database that was compromised isn’t exactly the “crown jewel” of information since it doesn’t contain financial elements, the data gleaned can be combined with other information available across online black markets if the hackers wanted to monetize them. He also said since eBay is “highly trusted,” users might have been more willing to provide the online marketplace with more information.
“It shows that even the best of Internet sites are vulnerable to cyber attacks … you can’t stop this tidal wave,” Ponemon warned.
This attack comes on the back of several high-profile data breaches, including the one that hit Target (TGT) late last year. That attack – which happened after hackers utilized unknowing external contractors to tap into the retailer’s network – compromised millions of credit card and personal details.
Adding to the worries, many companies asked users to change their passwords after a bug in the technology that encrypts much of the Internet -- called Heartbleed -- was revealed in April. Ramirez said that bug wasn’t the cause of the eBay breach.