Hackers quietly broke into eBay two months ago and stole a
database full of user information, the online auction site revealed Wednesday.
Criminals now have possession of eBay customer names,
account passwords, email addresses, physical addresses, phone numbers and birth
dates.
The company said the passwords were encrypted, but there's
no telling when or if the hackers can decrypt them. As a precaution, eBay is
resetting everyone's passwords.
The company isn't saying how many of its 148 million active
accounts were affected -- or even how many customers had information stored in
that database. But an eBay spokeswoman said the hack impacted "a large
number of accounts."
EBay's subsidiary, PayPal, said it was untouched by the data
breach. PayPal data, which is sensitive because it includes payment
information, is kept on a separate network.
To hack into the eBay database, the cyber attackers managed
to get their hands on "a small number" of eBay employee log-in
credentials, the company said. They then used that to worm their way into
eBay's corporate network. The hackers grabbed the customer database between
late February and early March.
It wasn't until two weeks ago that eBay discovered employee
credentials had been stolen, the company said. The company then conducted a
forensic investigation of its computers and found the extent of the theft.
The company said it hasn't spotted any increase in
fraudulent activity on eBay yet.
This is only the latest major data breach compromising
people's digital lives. In April, AOL announced hackers stole "a
significant number" of its 120 million users' email addresses, passwords,
contact lists and more.
No comments:
Post a Comment