eBay makes users change their passwords after hack

Online marketplace eBay is forcing users to change their passwords after a cyber-attack compromised its systems.

The US firm said a database had been hacked between late February and early March, and had contained encrypted passwords and other non-financial data.

The company added that it had no evidence of there being unauthorised activity on its members' accounts.

However, it said that changing the passwords was "best practice and will help enhance security for eBay users".

The California-based company has 128 million active users and accounted for $212bn (£126bn) worth of commerce on its various marketplaces and other services in 2013.

It said it would be contacting users to alert them to the issue via email, its website, adverts and social media.

A spokesman added that the firm's engineers were in the process of rolling out a feature that would oblige members to choose new passwords when they next logged in, which should be live in each of the countries eBay operated in by the end of the day.

Stolen credentials

A post on eBay's corporate site said that cyber-attackers accessed the information after obtaining "a small number of employee log-in credentials", allowing them to access its systems - something it only became aware of a fortnight ago.

"The database... included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth," it said.

"However, the database did not contain financial information or other confidential personal information.

"Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today."

Although the firm also owns the PayPal money transfer service, it said that the division's data was stored separately and encrypted, and that there was no evidence that it had been accessed.

It added that any members who used their eBay login details on other sites should also update them there.

EBay has not provided any information about the kind of encryption it used.

One expert said there was still a concern that the hackers might be able to make use of their haul.

"We all know that given enough time hackers can crack some encrypted password files," said Alan Woodward, an independent security consultant.

"The slightly worrying aspect of this is that the hackers have a nice neat list of personal information, which can be used to steal identities or even help them get around other systems through password reset scams."

Password Tips

Security expert Alan Woodward offers this advice:

  • Don't choose one obviously associated with you: Hackers can find out a lot about you from social media so if they are targeting you specifically and you choose, say, your pet's name you're in trouble.
  • Choose words that don't appear in a dictionary: Hackers can precalculate the encrypted forms of whole dictionaries and easily reverse engineer your password.
  • Use a mixture of unusual characters: You can use a word or phrase that you can easily remember but where characters are substituted, eg, Myd0gha2B1g3ars!
  • Have different passwords for different sites and systems: If hackers compromise one system you do not want them having the key to unlock all your other accounts.
  • Keep them safely: With multiple passwords it is tempting to write them down and carry them around with you. Better to use some form of secure password vault on your phone.
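
The tip about precalculated dictionaries, seen from the side of the site storing the passwords, as an added example that is not part of the original article and not eBay's code (the article notes eBay has not said what scheme it used). The function names, the sample password and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def unsalted_digest(password: str) -> str:
    """Fast, unsalted hash: the same password always yields the same digest,
    so a table computed once from a dictionary applies to every account."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def new_record(password: str) -> dict:
    """Store a random per-user salt alongside a slow PBKDF2 digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "digest": digest}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, record["digest"])


def compare_schemes(shared_password: str) -> dict:
    """Two constructed users pick the same password; compare what is stored."""
    a_plain = unsalted_digest(shared_password)
    b_plain = unsalted_digest(shared_password)
    a_rec, b_rec = new_record(shared_password), new_record(shared_password)
    return {
        "unsalted_identical": a_plain == b_plain,                # precomputable
        "salted_identical": a_rec["digest"] == b_rec["digest"],  # per-user
        "login_ok": verify(shared_password, a_rec),
        "wrong_rejected": not verify(shared_password + "x", a_rec),
    }


if __name__ == "__main__":
    # "sunshine" is a constructed sample of a dictionary-word password.
    print(compare_schemes("sunshine"))
```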


Comments

This entry is now closed for comments

  • Comment number 347.

    80 guttersnipe,
    as long as eBay got their cut I'm sure they'd be glad to let the hacker sell the passwords and personal information. They could sell them back to the owners on their main site and to organized crime syndicates on their shadow site. Ci-ching.

  • Comment number 346.

    @339 - Frank, yes, I read the frequent change, and again, with it being a viable option and good common practice, this still is nothing to do with the fact their DATABASE was cracked. This means regardless of any current changes they have the latest version. Thankfully I use a different password for absolutely everything I use so it's not an issue; however, eBay and PayPal have been full of flaws for years.

  • Comment number 345.

    Brilliant, I've just got an email from eBay telling me that I can link my Nectar account with my eBay account if I sign in online which will obviously give the hackers my passwords and bank details.

    Aye right...

    eBay also control PayPal so we are all done already since when you log in, they will be able to see your details!!

    Back to the good old cheque...

  • Comment number 344.

    No names here, but some systems are picky about the characters they accept. I try to add punctuation marks. Some sites can reject them. My old ADSL modem won't accept my new ISP password, but luckily I took the chance to get a new box.

    I do keep a written list, kept safely at home. How much do you want to rely on your computer never breaking?

  • Comment number 343.

    I looked in the mirror yesterday morning and - darn it! - I forgot my password. My wife couldn't help me - she's forgotten hers too. Now neither of us can actually see ourselves. Good job we still see each other - no passwords needed there. She always knows what I'm up to, and I know that. It's something to do with trust and a lot to do with love. Maybe that's something you can't hack into.

BBC © 2014