eBay Hacked: 145 Million Customers Affected by Data Breach; Company Urges Users to Change Passwords
Ebay Inc announced that hackers gained access to its network about three months ago and obtained data from 145 million customers in what could be the largest data breach in history.
The company told customers to change their passwords immediately because hackers likely have them. Customers' data was likely stolen sometime between late February and early March.
Wednesday eBay spokeswoman Amanda Miller told Reuters that passwords were encrypted and hackers wouldn't be able to break the code to unscramble the passwords.
"There is no evidence of impact on any eBay customers," Miller said. "We don't know that they decrypted the passwords because it would not be easy to do."
Besides the possibility of gaining passwords, the hackers copied customers' records. Email addresses, birth dates and other personal information was among the data stolen. Miller says the financial data such as bank account numbers and credit card information was not stolen.
Ebay has hired FireEye Inc's Mandiant forensics division to help investigate the data breach. Mandiant discovered a Shanghai hacking group linked to the Peoples Liberation Army last February.
Experts believe eBay users should change all passwords that are similar to or the same as their eBay password.
"People need to stop reusing passwords and should change their affected passwords immediately across all the sites where they are used," said Trey Ford, global security strategist with cybersecurity firm Rapid7.
The hackers were able to gain access to the login information of a small number of employees. That access gave them the opportunity to log into eBay's corporate network which contains customer data.
Ebay first discovered the massive data breach in early May and quicky brought in investigators and law enforcement.
"We worked aggressively and as quickly as possible to insure accurate and thorough disclosure of the nature and extent of the compromise," Miller said when asked why the company had not immediately notified users.
PayPal, eBay's online payment service, has been unaffected so far by the data breach.
Subscribe to Latin Post!
Sign up for our free newsletter for the Latest coverage!