EBay, a popular web based marketplace announced that it had been hacked and warned of potential exposure of sensitive account holder information, CNN reported on May 21. A spokesperson for eBay said a large number of their 148 million account holders will be affected.
According to eBay's official statement a “small number” of eBay employee log-in credentials were stolen making it easy for hackers to get into the system and gain full access to consumer information. The breach in security took place between February and March of this year and they discovered the breach only two weeks ago.
This breach in security has granted thieves access to sensitive customer and seller information including, customer names, account passwords, email addresses, physical addresses, phone numbers and birth dates. EBay’s account holder’s passwords are encrypted which will make it harder and take longer for hackers to decode them, however eBay will be sending emails to account holders later today urging them to reset their passwords to help thwart hacker decoding.
The breach in security was discovered when eBay conducted a forensic investigation of the computer system when they were alerted of the employee log-in theft. EBay has yet to share how the credentials were retrieved by thieves.
Paypal is now a subsidiary of eBay and the most commonly used form of payment on eBay which may cause some concern among account holders. EBay claims Paypal is kept in a separate network because of the highly sensitive information stored by the company. EBay has reassured that customer data stored on the Paypal website will not be compromised.
Customers and sellers should beware of emails asking for additional information or to take advantage of an offer via email or by phone. Customers should never provide sensitive information via email , and if by phone only if account holder made the call to eBay themselves.
This breach is one of many that have taken place within the past few months. Target, Michael’s Craft stores and a number of other large companies have made announcements warning customers that they have failed in protecting sensitive consumer information.