Millions of eBay shoppers have been told to change their passwords after the company announced it had become the victim of a cyber attack.
The Californian online market website, said the assault had compromised a database containing customer names, encrypted passwords, email addresses, birth dates, physical addresses and phone numbers.
However it stated they had found no evidence of any unauthorised access to financial or credit card information and that PayPal accounts had not been affected.
The UK site has attracted more than 17 million active users since its launch in October 1999. It is understood the hackers managed to infiltrate eBay’s computer systems through a small number of employee’s long ons.
In a statement, a spokesman for eBay said: “The compromised employee log-in credentials were first detected about two weeks ago.” After conducting extensive tests on its networks, the company said it “has no evidence of the compromise resulting in unauthorised activity for eBay users, and no evidence of any unauthorised access to financial or credit card information, which is stored separately in encrypted formats.
The statement continued “However, changing passwords is a best practise and will help enhance security for eBay users.
They added: “Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practises to protect customers.”
EBay, which has more than 233 million users worldwide, had initially issued a notice on its website asking users to change their passwords, but quickly took down the message a short time later without explanation.
The attack was launched in late February and early March yet was only announced today [21/05/2014]. EBay has not provided any information about the kind of encryption it used.
One expert said there was still a concern that the hackers might be able to make use of their haul.
“We all know that given enough time hackers can crack some encrypted password files,” said Alan Woodward, an independent security consultant.
“The slightly worrying aspect of this is that the hackers have a nice neat list of personal information, which can be used to steal identities or even help them get around other systems though password reset scams.”