Ebay has asked its users to change their passwords following a cyberattack that compromised the site’s database.The database, which was compromised between late February and early March, involved hackers infiltrating the database by accessing the log-in details of eBay employees.
The database included eBay customers’ names, encrypted password, email address, physical addresses, phone numbers and dates of birth.
However, the company says extensive tests carried out on its networks confirmed the breach had not resulted in any unauthorised activity for its users or compromise of their financial data.
Ebay said it was “best practice” for users to change their passwords as it would “help enhance security for eBay users”.
The company first learnt of the initial break-in two weeks ago, and a subsequent forensic analysis confirmed that a customer database had also been compromised.
The company said it has seen no increase in fraudulent activity since the hack. Paypal – which eBay owns – is unaffected, and it runs from a different database, according to the company.
“Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers,” eBay said in a statement.
Customers of eBay who use the same password for other websites should change their passwords on all sites.
The new cyberattack is only the latest in a recent string of high profile incidents. In February, the details of 2,200 Tesco clubcards were leaked online. Last year, US retailer Target lost the credit card details of 40 million customers.
A recent Verizon report found 1,367 serious data breaches in 2013, dubbed “the year of the retailer breach”, saying it was a year of “large-scale attacks on payment card systems.”
David Emm, a senior security researcher at Kaspersky Lab, said: “It’s difficult to quantify the danger customers may be in following the eBay cyberattack, but of course any personal data in the wrong hands is bad news and it appears that the attackers have gained access to customers’ names, email addresses, physical addresses, phone numbers and dates of birth, as well as encrypted passwords.
“The fact that this attack took place two to three months ago means the attackers have had additional time with which to attempt to decrypt the stolen passwords as well as make use of the other personal data.
“On the face of it, it looks as though eBay has been slow to respond, but if the company has only just discovered the full extent of the attack it is now doing the right thing by notifying customers in a timely manner.”