eBay hack 'one of the biggest data breaches in history'
Fears of widespread identity theft mount after 'catastrophic' eBay cyber-attack
The cyber-attack on eBay is poised to go down as one of the biggest data breaches in history, with experts warning that even after users have changed their passwords the breach could have "catastrophic" consequences.
Some 145 million user records have been accessed by hackers, the company announced in a statement yesterday. All eBay users have been advised to change their passwords immediately.
Web security experts warn that this may not be enough, and the ramifications of the hack could be "catastrophic".
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
Avivah Litan, an analyst at technology research firm Gartner told the Financial Post that if cyber-attackers manage to compile data from a variety of sources, "a massive incident is in the pipeline, such as widespread identity theft or thousands of financial accounts being taken over".
Alan Woodward, an independent security consultant agrees: "The slightly worrying aspect of this is that the hackers have a nice neat list of personal information, which can be used to steal identities or even help them get around other systems though password reset scams", Woodward told the BBC.
More than 15 million British people, and over a hundred million more worldwide are at risk of identity theft after the attack, the Daily Telegraph notes. The online security breach leaves not just passwords, but also names, addresses and telephone numbers in the hands of hackers.
The danger also goes beyond the internet, the Telegraph notes, because some telephone banking services allow users to log in using their date of birth and address for verification. This could result in massive banking theft and financial fraud.
Paul Martini, the chief executive at iboss Network Security, said: “The damage could well have already been done, as the time lag between the cyber breach and the discovery of the breach is in the months. Cyber hackers may not hit the obvious target of siphoning money or goods out of eBay; they may take the personal information gained from the database and target other popular sites.”
MPs said that the US-based firm's delay in admitting to the breach was “inexcusable”.
eBay forces users to change passwords after cyber-attack
20 May
Onling retailer eBay will force all 128 million of its users to change their passwords after discovering that the site had been compromised.
The company said databases containing encrypted passwords and other non-financial data had been attacked some time in February or March.
According to the company's records, no unauthorised activity has been recorded, but requiring all users to change their account details is "best practice and will help enhance security for eBay users".
The attack came about, eBay said in a post on its corporate site, because "cyber-attackers compromised a small number of employee log-in credentials, allowing unauthorised access to eBay's corporate network".
The post added: "Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers."
The retailer has 128 million active users and accounted for $212bn (£126bn) worth of transactions on its wide range of services in 2013, the BBC reports.
In spite of the company's reassurances that no illegal transactions had occurred, one expert told the BBC that the hackers might still be able to exploit the security breach.
"We all know that given enough time hackers can crack some encrypted password files," said Alan Woodward, an independent security consultant.
"The slightly worrying aspect of this is that the hackers have a nice neat list of personal information, which can be used to steal identities or even help them get around other systems though password reset scams."
eBay users are advised to visit the site and change their password as soon as possible.
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
How cybercriminals are hacking into the heart of the US economy
Speed Read Ransomware attacks have become a global epidemic, with more than $18.6bn paid in ransoms in 2020
By The Week Staff Last updated
-
Language-learning apps speak the right lingo for UK subscribers
Speed Read Locked-down Brits turn to online lessons as a new hobby and way to upskill
By Mike Starling Published
-
Brexit-hobbled Britain ‘still tech powerhouse of Europe’
Speed Read New research shows that UK start-ups have won more funding than France and Germany combined over past year
By Mike Starling Published
-
Playing Cupid during Covid: Tinder reveals Britain’s top chat-up lines of the year
Speed Read Prince Harry, Meghan Markle and Dominic Cummings among most talked-about celebs on the dating app
By Joe Evans Last updated
-
Brits sending one less email a day would cut carbon emissions by 16,000 tonnes
Speed Read UK research suggests unnecessary online chatter increases climate change
By Joe Evans Published
-
Reach for the Moon: Nokia and Nasa to build 4G lunar network
Speed Read Deal is part of the US space agency’s plan to establish human settlements on the lunar surface
By Mike Starling Last updated
-
iPhone 12 launch: what we learned from the Apple ‘Hi, Speed’ event
Speed Read Tech giant unveils new 5G smartphone line-up
By Mike Starling Last updated
-
Russian agency behind US election meddling ‘created fake left-wing news site’
Speed Read Facebook says real reporters were hired by fake editors to write about US corruption
By Holden Frith Published