EBay’s explanation of just exactly how hackers were able to get access to its complete data-bank of nearly 150 million records of users leaves a lot of questions about how cyber criminals arranged what looks as if could be the second largest breach of data in the history of the United States. The auction website started asking all eBay users to change their passwords because of the cyber-attack.
It ended up compromising a database which held the site’s encrypted passwords and other non-financial information. After holding far-reaching tests on its various networks, the company declared it had found no evidence of the breach resulting in any unlawful activity for eBay users, and there was no indication of any illegal access to credit card or financial information, which is kept separately in encrypted layouts.
However by changing users’ passwords, this is one of the safest practices that the company can do at this time and will aid in security for all eBay users. The company stated that hackers attacked the site sometime between the last of February and the first of March using login credentials that were attained from “a small number” of workers. They then proceeded to access a data-bank which held all user records and copied a huge part of those credentials.
The breach was finally discovered the first part of May and announced to the public on Wednesday. Security professionals are wanting to know just how they were able to get such credentials and if the workers whose information they stole were allowed to have unrestricted access to the user database, which would have contained some of its most secret information.
David Kennedy, a chief executive of Trusted SEC LLC and also an expert in investigating data breaches, stated that eBay has been very standoffish about providing any information. They should be more forthcoming about what occurred. He also wonders how come it took eBay three whole months to discover the intrusion.
An FBI spokesperson told the media the bureau is at work with eBay to inspect the breach, but refused to elaborate any further. eBay stated that it had FireEye Inc’s forensics division also to aid with the review. A FireEye spokesperson refused to comment on the situation.
Customer information and security are of supreme importance to eBay and the company regrets any troublesomeness or anxiety that this password reset might have caused their customers. The company explained it had seen no financial or personal information fraud happening against any PayPal users. This could be due to PayPal information being stored independently on another kind of secure network, and all PayPal financial data is carefully encrypted.
EBay users should have received an email explaining to them about changing their password. Also in addition to this, eBay is requesting that users also change the same password if they happened to use it on any other sites as well. A person should never use the exact same password on several different sites or accounts. That is never a safe idea and this is the very reason.
EBay’s reasoning behind of just exactly how hackers were able to get access to its complete data-bank of nearly 150 million records of users leaves many questions about how cyber criminals arranged what looks as if could be the second largest breach of data in the history of the United States.
By Kimberly Ruble