Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 6 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

eBay confirms 145 million records were affected in attack

by The Gurus
May 22, 2014
in Editor's News
Share on FacebookShare on Twitter

Around 145 million user records were affected in the eBay breach in what could be the second biggest breach in history at a US company.
 
According to Reuters, the attackers copied ‘a large part’ of that database and this is the second biggest breach for a US company since the Adobe breach of around 152 million user accounts last October.
 
While eBay spokesperson Amanda Miller told Reuters that passwords were encrypted claimed that decryption would not be easy. Miller said that after the breach was discovered in early May and it was determined to have occurred in late February or early March, Miller said eBay “worked aggressively and as quickly as possible to insure accurate and thorough disclosure of the nature and extent of the compromise”.
 
eBay said that it had not seen any indication of increased fraudulent activity on its website and that there was no evidence that PayPal had been breached. Users were due to receive a notification from eBay to request them to change their password, and on Thursday morning, Devin Wenig, president of eBay Marketplaces, said it believed the encryption would keep passwords secure, but “we don’t want to take any chances”.
 
Wenig said: “We take security on eBay very seriously, and we want to ensure that you feel safe and secure buying and selling on eBay. So we think it’s the right thing to do to have you change your password. And we want to remind you that it’s a good idea to always use different passwords for different sites and accounts.
 
“Meanwhile, our team is committed to making eBay as safe and secure as possible. So we are looking at other ways to strengthen security on eBay. In the coming days and weeks we may be introducing new security features. We’ll keep you updated as we do.”
 
Commenting, Dr Guy Bunker, cyber security analyst at Clearswift, said: “The major concern with this cyber attack, on such a huge scale, is eBay’s failure to recognise the attack immediately, which led to the delay in informing its millions of customers. This implies an immense failure on eBay’s behalf to maintain control and protection of its users’ critical information.
 
“It is a company’s responsibility to understand where its critical information is 100 per cent of the time, who has access and how. While eBay has confirmed that no financial information has been breached, personal information have all fallen into the hands of the hackers. With such a delay in acknowledging the attack, the true extent of the data loss is not yet known and it’s imperative that further analysis is done before we can make any further assumptions.”
 
Since the announcement was made, there has been little information on how attackers got the employee login credentials. Sergio Galindo, general manager of the infrastructure business unit at GFI Software, said: “Reports so far suggest that the eBay hacking incident was at least in-part facilitated by lax employee data security. In reality this could be anything from weak and easily discoverable passwords, to exploitation of insecure network devices in order to breach a system without throwing up any red flags and with minimal effort and equipment.
 
“Alongside hackers tapping into unofficial Wi-Fi hotspots and running through the known default passwords for switches and routers, these are frequent occurrences at organisa
tions globally that not only damages customer confidence and brand value, but also cost money, time and productivity in the short term as the companies affected try to recover.”
 
eBay said that it shut down unauthorised access to its website and has put additional measures in place to enhance its security, as well as seeing no spike in fraudulent activity on the site.
 
Dwayne Melancon, CTO of Tripwire, said: “eBay users have long been a popular target for phishing emails, and users must be especially wary during incidents like this. To be safe, users should not click on links in emails about eBay security or password changes; instead, they should type the eBay URL directly into their browsers and log into the site that way to prevent disclosing their credentials to spoofed, malicious copies of the eBay site.”

FacebookTweetLinkedIn
Tags: attackBreacheBay
ShareTweetShare
Previous Post

ProofPoint to move into incident response area with acquisition

Next Post

eBay breach poses problems for 99 per cent of companies

Recent News

Phone with app store open

$400,000 Fine for Stalkerware App Developer

February 6, 2023
london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information