eBay Database Hack

Ebay Database HackUsers Advised To Change Passwords

Here’s yet another example of a data breach that’s making headlines. At Sergeant Shredder, we’re committed to “Shred, Protect & Conserve.” While we help with paper and electronics shredding, keeping businesses safe is another element of our company’s mission.

145 Million Buyers Affected

Users have been asked to change their passwords in light of a eBay database hack that exposed encrypted passwords and other personal information. The breach, discovered only weeks ago, is believed to have occurred in late February and early March. Along with encrypted email passwords, the compromised database contains the names, phone numbers, birth dates, and physical and email addresses of 145 million active buyers. Users who utilize the same password on other sites as they do for eBay are encouraged to change those passwords as well.

eBay Database Hack Not Comprehensive

In an online statement, eBay explained that attackers gained unauthorized access to eBay’s corporate network by compromising employee log-in credentials. Because of eBay’s security practices regarding “hashing” and “salting” passwords, it’s unlikely that attackers will be able to use any stolen passwords. Still, the company responded to the database hack by shutting down all unauthorized access and implementing additional, though unspecified, security measures while working with authorities to investigate the incident.

Fortunately, no financial data or other confidential information was impacted by the eBay database hack. So far, there has been no evidence of unauthorized access or compromises to the PayPal database. The PayPal database is stored separately on a secure network where all financial information is encrypted. The company claims that there has been no evidence of unauthorized activity among eBay’s users or on other sites operated by eBay Marketplaces, including StubHub, Tradera, GumTree, and GMarket.

Good Security Practices Aren’t Always Good Enough

This breach emphasizes the importance of companies implementing tougher policies on how sensitive data is stored and protected. While proper encryption may have protected users’ passwords from being compromised, other information was completely exposed. The eBay database hack allowed attackers access to nearly all of the personally identifiable information needed for fraudulent activity to take place on the user’s behalf. The stolen credentials could make it easy for attackers to appear legitimate should they contact users claiming to be eBay or any other company.

Were you affected by the eBay database hack?