Lately cyber-criminals seem to be obsessed with the trend of hacking into users’ accounts on popular websites by stealing their login credentials and passwords. Last fall it was ‘Target Corp’ being hacked followed by ‘Adobe Systems Inc’ with compromised login credentials. This year, after the web-link shortening service, Bitly being attacked in May, online shopping giant, EBay is the latest name to join the list.
On Wednesday, May 22 2014, EBay advised its 145 million registered users of its website to change their passwords following a security breach in its database having encrypted passwords and some other non-financial data.
The online shopping giant provided some information about how the attackers hacked the site. It said they were successful to gain access in to the corporate network by compromising some of the employee’s login credentials, EBay informed. However, users’ passwords of EBay’s payment network PayPal weren’t compromised in this attack, clarifies EBay’s spokeswoman.
According to EBay, the database compromise was detected about 2 weeks ago though it occurred somewhere between late February and early March. The company chose not to inform its users right away as it investigated the extent of the attack. The spokeswoman said no group has yet claimed the attack’s responsibility and that the company has found no evidence indicating an unauthorized access to financial or credit card information as EBay stores that sensitive data stored separately. The hacked database consisted of passwords, email ids, birth dates, postal addresses and phone numbers. Following the news about the attack, EBay’s shared dwindled at Nasdaq on Wednesday.
EBay says the breach in its network is in no way related to the flaw in encryption tools ‘Heartbleed’, as recently detected by security researchers. Also, the company advises all its users who have set identical passwords for other sites to change all those passwords as well.