There’s been another cyberattack on a major corporation, this time eBay who has been hit and the online retailer is urging users to change their passwords following the security breach.
EBay said hackers used stolen employee log-in credentials to compromise a database containing user information, reports The Los Angeles Times. EBay has a reported 145 million users.
The stolen data is extensive and includes names and encrypted passwords, their email addresses, physical addresses, phone numbers and their dates of birth. EBay, however, said no financial data was stolen.
EBay first discovered the cyberattack about two weeks ago and has been helping law enforcement and security experts to investigate it. The actually security breach is estimated to have taken place between late February and early March.
Due to the breach, eBay’s entire security process is being called into question. Various states, including Connecticut, Florida and Illinois, have united to lead an investigation into eBay’s security practices. The U.S. States Attorney Generals’ offices in these states are very concerned, especially after the recent string of high-profile attacks at retailers like Target, Neiman Marcus and Michael’s, which have left U.S. consumers vulnerable to identity theft. States may even pursue legal action against eBay.
According to Connecticut Attorney General George Jepsen, the state had about 660,000 active eBay users who could have been affected. “My office will be looking into the circumstances surrounding this breach as well as the steps eBay is taking to prevent any future incidents,” he said.
And Florida, Attorney General Pam Bondi said, “the magnitude of the reported eBay data breach could be of historic proportions.”
EBay has also been having trouble dealing with the password reset requests. In fact, many users were received a “high traffic volume” error messages when they reached the password reset page on eBay’s website. This prevented them from changing their passwords.
EBay has announced that it will take time for every user to receive its “reset email,” which will be sent to all affected users, alerting them to the attack and suggesting they change their passwords.
“eBay is also reminding users that its password reset email will not contain any links – and if you receive an email purporting to be from eBay with links, it’s a fake,” reports Tech Crunch. For info on how uses should proceed, visit info.ebayinc.com.