eBay Data Breach Exposes 145 Million User Records

Auction site eBay yesterday announced that a database containing users’ encrypted passwords and other personal data was breached between late February and early March of 2014.

Company spokeswoman Amanda Miller told Reuters that approximately 145 million user records were accessed. The user records contained names, e-mail addresses, mailing addresses, phone numbers, birthdates and encrypted passwords.

The hackers apparently compromised a few eBay employees’ login credentials, providing them with access to the company’s network.

While there’s no evidence at this point of any increase in fraudulent activity on eBay as a result of the breach, all eBay users are being urged to change their passwords.

As Graham Cluley notes, however, there’s no warning of the breach on eBay’s home page, users receive no warning of the breach upon login, and the company’s breach announcement only appears on its Investor Relations page.

“It feels to me like eBay isn’t handling this very professionally … they’re still not being proactive enough in telling their users who might have missed the headlines in the media, or in sharing information regarding what methods it had used to encrypt, salt and hash the passwords to keep them out of the hackers’ hands,” Cluley writes.

Jeff Goldman
Jeff Goldman
Jeff Goldman is an eSecurity Planet contributor.

Top Products

Top Cybersecurity Companies

Cybersecurity is the hottest area of IT spending. That's why so many vendors have entered this lucrative $100 billion+ market. But who are the...

Top Endpoint Detection and Response (EDR) Solutions

Endpoint security is a cornerstone of IT security, so our team put considerable research and analysis into this list of top endpoint detection and...

Top CASB Security Vendors for 2021

Any cloud-based infrastructure needs a robust cloud access security broker (CASB) solution to ensure data and application security and integrity. After carefully surveying the...

Best SIEM Tools & Software for 2021

Security Information and Event Management (SIEM, pronounced "sim") is a key enterprise security technology, with the ability...

Related articles