Ina Steiner EcommerceBytes Blog
News and insight focusing on ecommerce.
by Ina Steiner, Editor of EcommerceBytes.com
Wed May 21 2014 08:21:48

eBay Hacked!

By: Ina Steiner

Sponsored Link

eBay sent out the following press release at 9:10 am on Wednesday morning:

eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.

Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.

UPDATE (10 am EST): PayPal spokesperson Jennifer Hakes told EcommerceBytes eBay will only be asking its user base later today to change passwords. "Extensive forensic research has shown no evidence of unauthorized access or compromise to personal or financial information for PayPal customers," she said.

"PayPal customer and financial data is encrypted and stored separately, and PayPal never shares financial information with merchants, including eBay. PayPal account holders should consider changing their passwords only if their credentials are the same as those they use for eBay."

UPDATE (3:50 pm EST): eBay published a FAQs page that includes this blurb:

The file did not contain financial information, and after conducting extensive testing and analysis of our systems, we have no evidence that any customer financial or credit card information was involved. Likewise, the file did not contain social security, taxpayer identification or national identification information.

UPDATE (8:14 am on 5/22/14): eBay sellers should consider the impact this will have on their auction listings since snipe bids may not be allowed to go through unless bidders have changed their passwords, see today's Newsflash story.



Share

Comments (152) | Leave Comment | Permalink

Readers Comments

Perminate Link for eBay Hacked!   eBay Hacked!

This user has validated their user name. by: Basset

Wed May 21 08:34:52 2014

I wonder if this is like the Heartbleed bug where some tech security people  advised to wait to change passwords until after given the ''all-clear'' for the site?

The idea was that until the ''all-clear'' is given any new passwords could be compromised.

Any ideas on this?


Thanks for being on top of this Ina & David!

Perminate Link for eBay Hacked!   eBay Hacked!

This user has validated their user name. by: Ina

Wed May 21 09:09:10 2014

Thank you to PayPal's Jenn Hakes for providing me with advice for who this impacts - see the update to this post.  

Perminate Link for eBay Hacked!   eBay Hacked!

by: unknown This user has validated their user name.

Wed May 21 09:33:48 2014

ebay will send a press release to CNN about it but won't post it on their own 'Announcements' page? Ah, we're not chinese sellers with a minor delay in shipping so not worthy of mention anywhere...

Perminate Link for eBay Hacked!   eBay Hacked!

by: Glor This user has validated their user name.

Wed May 21 09:39:17 2014

So... should we go in and change the eB/PP Passwords now or wait for a notice?

Perminate Link for eBay Hacked!   eBay Hacked!

by: Mr. Me This user has validated their user name.

Wed May 21 09:41:16 2014

Time to dump ebay stock.
Donahoe should immediately resign in disgrace...

Perminate Link for eBay Hacked!   eBay Hacked!

by: meci This user has validated their user name.

Wed May 21 09:41:49 2014

eBay CS said the message was leaked earlier but will be making a statement later.  Why later ?   Supposed to only have affected eBay and not PayPal according the the rep.

Perminate Link for eBay Hacked!   eBay Hacked!

by: unknown This user has validated their user name.

Wed May 21 09:50:53 2014

Still not on the ebay Announcements page but my local morning news program just had an announcement about it saying ebay is asking users to change passwords. Except they're not or they will later or something. ::sigh::

Perminate Link for eBay Hacked!   eBay Hacked!

by: Will This user has validated their user name.

Wed May 21 10:01:12 2014

Wonder if it is even true? Surely, a good way to get people back to the site, "Well, since I'm already here, might as well shop around for a bit".

Perminate Link for eBay Hacked!   eBay Hacked!

by: wallflower This user has validated their user name.

Wed May 21 10:01:16 2014

Ebay's release said:

"Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts. "

So, wait for it.

Perminate Link for eBay Hacked!   eBay Hacked!

by: Marie This user has validated their user name.

Wed May 21 10:05:10 2014

Companies get hacked.  Look at what happened to Target over the last holiday season.  Some announce things quicker than others.  We all know Ebay is a bit slow, but Target was none to fast either.

For me, I'll just go change my password.  We are now aware of the potential problem thanks to Ina.  I for one won't wait for an email from Ebay requesting I change it.

Perminate Link for eBay Hacked!   eBay Hacked!

This user has validated their user name. by: Puck

Wed May 21 10:06:26 2014

Sorta late getting out the news:

''The breach was discovered about two weeks ago, according to eBay, leading to a probe that identified the hacked database.''

http://www.nbcnews.com/tech/security/ebay-warns-cus
tomers-change-passwords-after-database-hacked-n110961

Perminate Link for eBay Hacked!   eBay Hacked!

This user has validated their user name. by: Ric

Wed May 21 11:16:33 2014

From what I read in the news reports, this hack occurred TWO MONTHS AGO yet they are just announcing it today!!

Nice to know that eBay has invested in top notch network security that provides them with such timely warnings regarding data breeches.

The bottom line penny pinching of eBay's MBA's strikes again!!

Perminate Link for eBay Hacked!   eBay Hacked!

by: PowerSeller2007 This user has validated their user name.

Wed May 21 11:43:30 2014

Donahue RESIGN NOW!

Perminate Link for eBay Hacked!   eBay Hacked!

This user has validated their user name. by: Basset

Wed May 21 11:50:16 2014

To be fair, I think that is how these hacks seem to get broken to the public. By design? It sure seems to follow a pattern.

With both Heartbleed and Target quite a bit of time lapsed between discovery and breaking the news to the public. Months. Many months in Heartbleed.


A carefully placed tweet here & a post there - THEN we have come to rely on the news sources that have competent  people at the helm (like Steiners) to take the lead: verify, find the facts, solidify the story, and relay the info to the rest of us.

Perminate Link for eBay Hacked!   eBay Hacked!

by: Eric Saeger This user has validated their user name.

Wed May 21 12:03:45 2014

Where's Ming?  I've got my jar of peanuts ready.

Perminate Link for eBay Hacked!   eBay Hacked!

by: Mr. Me This user has validated their user name.

Wed May 21 12:25:36 2014

Hack ? oh-no no no, its a "disruptive innovation".....!

Perminate Link for eBay Hacked!   eBay Hacked!

This user has validated their user name. by: Rexford

Wed May 21 12:49:24 2014

Thank God for Ina and David.  I always get my news here first.

Perminate Link for eBay Hacked!   eBay Hacked!

This user has validated their user name. by: Ric

Wed May 21 12:52:19 2014

Another thought about this data breech...

eBay requires sellers to provide Social Security numbers if their volume is high enough.

eBay needs to inform sellers as to whether SS numbers were part of what the hackers got.

Perminate Link for eBay Hacked!   eBay Hacked!

by: Donna This user has validated their user name.

Wed May 21 13:13:43 2014

Here's an update on what information was involved:

http://www.ebayinc.com/in_the_news/story/faq-ebay-pas
sword-change

Perminate Link for eBay Hacked!   eBay Hacked!

by: Kaz This user has validated their user name.

Wed May 21 13:17:22 2014

So how will this translate into the "Buyer Experience" that Donahoe and Co are trying to promote?
In one fell swoop more damage has been done to the site through ebay's mismanagement than all those "failing" Top-Rated Sellers put together, talk about DEFECTS.
How many buyers will react by simply pulling the plug on ebay and go elsewhere?
As ever Wall Street will be the key, how will the ebay INC.share value react?
And THANK YOU to ecommercebytes for the news, ebay's own information is scant to say the least.

Click to view more comments
1 2 3 4 5 6 7 8  [Next Page]


Login is required to post comments.
To sign in to leave a comment, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page.

Login for AB Verify
Be sure and use your email address and password to log in.
 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.