Company spokeswoman Amanda Miller told Reuters that approximately 145 million user records were accessed. The user records contained names, e-mail addresses, mailing addresses, phone numbers, birthdates and encrypted passwords.
The hackers apparently compromised a few eBay employees’ login credentials, providing them with access to the company’s network.
While there’s no evidence at this point of any increase in fraudulent activity on eBay as a result of the breach, all eBay users are being urged to change their passwords.
As Graham Cluley notes, however, there’s no warning of the breach on eBay’s home page, users receive no warning of the breach upon login, and the company’s breach announcement only appears on its Investor Relations page.
“It feels to me like eBay isn’t handling this very professionally … they’re still not being proactive enough in telling their users who might have missed the headlines in the media, or in sharing information regarding what methods it had used to encrypt, salt and hash the passwords to keep them out of the hackers’ hands,” Cluley writes.