EBay initially thought customer's data was safe, authorities see red

EBay's Wednesday announcement that its system was hacked came late while a number of states have launched a joint probe into eBay's business practices following the news of the security breach.

Attorneys general for Connecticut, Florida and Illinois are looking into eBay's security practices after eBay announced on its website that hackers penetrated its system and gained access to over 145 million eBay users' names, passwords, email addresses, physical address, phone numbers and dates of birth. On Wednesday, eBay took to Twitter to urge users to change their passwords and promised to send out individual email notifications after hackers were able to obtain the passwords of three eBay employees, thus gaining access to the system.

The attack was discovered sometime "between late February and early March," but eBay made it public only this week. Users have also complained about eBay's delayed email notifications, prompting authorities to take matters into their own hands.

"My office will be looking into the circumstances surrounding this breach as well as the steps eBay is taking to prevent any future incidents," says Connecticut Attorney General George Jepsen. "However, the most important step for consumers to take right now is to change their password and to choose a strong, unique password that is not easily guessed."

eBay has around 600,000 users from Connecticut, but it is not clear how many of them are affected. Jepsen, who initiated the joint investigation, would not specify if other states will join the initiative, but California has already announced its interest. Similarly, Christopher Graham, information commissioner in the U.K., where there are "millions of U.K. citizens affected," said he is also considering launching a formal investigation of the hack.

"eBay is, on the face of it, a very serious breach. The message for business is you've got to be better at security and you've got to be better with our personal data," says Graham.

New York Attorney General Eric T. Schneiderman has called on eBay to provide free credit monitoring services to users affected by the breach, but the auction website says it has no plans to provide the service or offer compensation because it found "no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats."

"For a very long period of time we did not believe that there was any eBay customer data compromised," says eBay marketplaces president Devin Wenig.

The cyberattack on eBay is only one of many that have been reported in recent months. First came October's Adobe hack, which compromised more than 150 million customers, followed by a similar large-scale attack on Target that led to chief executive Gregg Steinhafel's resignation. And, of course, nobody can forget about the Heartbleed bug, which let hackers read the memory of systems protected by vulnerable versions of the OpenSSL software, the encryption used to protect content and provide privacy.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics