eBay Data Breach Exposes 145 Million User Records

Auction site eBay yesterday announced that a database containing users’ encrypted passwords and other personal data was breached between late February and early March of 2014.

Company spokeswoman Amanda Miller told Reuters that approximately 145 million user records were accessed. The user records contained names, e-mail addresses, mailing addresses, phone numbers, birthdates and encrypted passwords.

The hackers apparently compromised a few eBay employees’ login credentials, providing them with access to the company’s network.

While there’s no evidence at this point of any increase in fraudulent activity on eBay as a result of the breach, all eBay users are being urged to change their passwords.

As Graham Cluley notes, however, there’s no warning of the breach on eBay’s home page, users receive no warning of the breach upon login, and the company’s breach announcement only appears on its Investor Relations page.

“It feels to me like eBay isn’t handling this very professionally … they’re still not being proactive enough in telling their users who might have missed the headlines in the media, or in sharing information regarding what methods it had used to encrypt, salt and hash the passwords to keep them out of the hackers’ hands,” Cluley writes.

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles