A security breach has meant eBay needs to urge all customers to change their passwords. Hackers attack websites all the time, but it is always a worry when financial data is involved. According to the last quarter accounts, there are 145 million active buyers on the site and more sellers. Many of those have credit card and PayPal details stored on the site to make buying and selling much easier.
The good news is that all financial details are stored on a different server. They are also encrypted to limit the risk to that information should there be a security breach. There has been no proof that the data has been stolen, but there is the risk that other information has been taken.
On the database that stores the passwords is a customer’s physical address, email address and date of birth, along with the full name. This is all information that can be used for identity fraud. While there is no proof that the information has been taken and used, there is the risk that hackers will have passwords to be able to get all the information required. The number of passwords stolen is currently unknown. This is why eBay is urging all customers to change their passwords after the security breach.
According to Shape Security director of product security Michael Coates, passwords on the company website are stored through encryption. This is an easier method for the auction website, but is also much easier for hackers to crack. Hashing is the second option, which would prevent hackers from seeing the plaintext password to be able to use it.
Those who use the same eBay password on other sites should change those passwords too. The hackers may have stolen email addresses, which means that they can get into various email accounts. From there a range of accounts are available and passwords on other accounts can quickly be changed without much knowledge.
Many eBay users will be understandably angry to hear that this breach took place some time between February and March. The hackers have had plenty of time to work out passwords and use them to their advantage. While the auction giant has downplayed the threat, there were employees affected from the cyber attack.
It is common for people to start questioning the actions of a company when security breaches happen. The bidding site has already expressed their apologies, and made it clear that new security measures will be implemented. Over the next few hours, users can expect to receive emails to request to change their passwords.
There are risks of phishing scams when hackers know that this is going to happen. The best thing anybody can do right now is go straight to the auction website and change their passwords there. Do not click on a link in an email, and check the website and domain name carefully to make sure it is the real auction website. eBay is currently only urging customers to change the passwords on that site since the security breach, but it is worthwhile changing passwords on other sites if it is the same one.
By Alexandria Ingham