eBay Hacked, Asks Users To Change Passwords

Online auction site eBay confirmed Wednesday morning that its corporate network was hacked, and that a database containing consumer’s personal information was “compromised”, CNET reports.

In a bizarre series of events that transpired Wednesday morning, eBay owned PayPal posted a blog entry entitled “eBay, Inc. to Ask All eBay users to Change Passwords.” Much to user confusion, the empty blog post was pulled from PayPal’s site, despite having already been retweeted dozens of times. eBay eventually posted info about the hack on its official corporate blog.

According to the statement, eBay claims that the compromised database, which was hacked sometime between late February and early March, contained user’s personal information, though the company stressed that financial data was not compromised. Names, encrypted passwords, addresses (both email and physical), and phone numbers were, however, among the data that was compromised.

While reminding users that changing passwords is a “best practice” for cyber-security, eBay offered an apology:

Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.

-eBay inc.

The company claims to have performed “extensive tests” on its networks, which it says was compromised through a “small number” of employee login credentials. Though the hacking incident was only detected two weeks ago, several months after it occurred, eBay says that it has no evidence of “increased fraudulent account activity,” or of “unauthorized access or compromises to personal or financial information for PayPal users.” Seeking to allay the concerns of PayPal users, eBay’s statement highlighted the fact that “PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.”

eBay said that it expects to contact users later Wednesday through “email, site communications and other marketing channels,” asking them to change their password. It is unclear how many of the site’s 128 million active worldwide users have already done so, or are even aware of the incident. The company also encouraged users to change their information on any other sites that may use the same login credentials.

The incident marks the second high profile data breach in the last year, after hackers managed to compromise the systems of mega-retailer Target. Combined with revelations about Heartbleed earlier this year, eBay’s announcement will no doubt add to internet security concerns.

[Image via The Guardian]