eBay hacked - millions of passwords and other data stolen.
5 PHOTOS
The Californian-based company, which has 128 million active users, revealed that a database had been hacked between late February and early March. It was the biggest ever cyber attack during the existence of eBay.
The attackers had accessed a database containing encrypted passwords and other data after obtaining a small number of employee log-in credentials.
The hackers also hacked:
• email addresses
• physical addresses
• phone numbers
• dates of birth
Though the data for its money-transfer service, PayPal, was stored separately and had not been compromised.
Some questions about lack of security have been raised. Why phone numbers, addresses and dates of birth stored on the database were not encrypted?
"We provide different levels of security based on different types of information we're storing and all financial information across all of our business is encrypted," eBay representative said.
"We also have no indication of increased fraudulent activity on our site or that the encryption on passwords has been broken.
But some security experts think that it is quite possible that the encrypted passwords have been broken.
"Over 80% of encrypted hashes used on web applications can be brute-forced within 2-3 days”.
Big tech firms needed to give serious thought to how to prevent their staff accounts being compromised as it happened with eBay.
The security experts suggest to use two-factor authentication. It means that in addition to a password sending a Pin code to a clients smartphone.
