{"id":3368,"date":"2014-05-21T13:18:05","date_gmt":"2014-05-21T17:18:05","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=3368"},"modified":"2017-05-19T05:08:21","modified_gmt":"2017-05-19T09:08:21","slug":"ebay-data-breach-exposes-passwords","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/ebay-data-breach-exposes-passwords\/3368\/","title":{"rendered":"eBay Database Breached, Forced Password Changes Loom"},"content":{"rendered":"<p>The online retail and auction giant eBay announced this morning that attackers compromised a database containing encrypted user-passwords and other sensitive information. The company plans to contact affected users via email and post a notification on its website later today. At some point in the near future, users will be forced to change their passwords for that service.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/05\/05111249\/ebay-1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-4825\" alt=\"ebay\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/05\/05111249\/ebay-1.jpg\" width=\"640\" height=\"480\"><\/a><\/p>\n<p>The company says it does not believe that there has been any unauthorized customer account activity as a result of the breach. Furthermore, eBay Inc. is claiming that user-financial data as well as PayPal information is not at risk because that data \u2013 which is also encrypted \u2013 is stored on separate, unaffected servers.<\/p>\n<p>\u201cCyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay\u2019s corporate network,\u201d the company said in a statement. \u201cWorking with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.\u201d<\/p>\n<p>The information stored on the compromised database is said to include eBay customer names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth. eBay says it first discovered the compromised employee credentials two weeks ago. Some time between then and now the company claims it identified which database was affected, and is now contacting customers accordingly.<\/p><blockquote class=\"twitter-pullquote\"><p>eBay users will be forced to change their passwords because of a data breach that exposed encrypted user credentials.<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2FLp4h&amp;text=eBay+users+will+be+forced+to+change+their+passwords+because+of+a+data+breach+that+exposed+encrypted+user+credentials.\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p>eBay account holders should receive an email notification from the company later in the day. eBay will also post notifications on its website at that time.<\/p>\n<p>Users will eventually be forced to change their passwords on eBay and are encouraged to change passwords for other accounts if they are using the same passwords elsewhere. Trey Ford, a global security strategist at the security firm Rapid7, noted in an email that these passwords will eventually be decrypted, which is why it is particularly important that users change these and any shared passwords.<\/p>\n<p>This is precisely why you should never share passwords. When breaches like this one occur, attackers create automated tools that enter breached user-name and password combinations into popular online services in an attempt to compromise accounts on those sites as well.<\/p>\n<p>\u201cUsers should be wary of anyone contacting them claiming to be eBay or any other company for that matter,\u201d Ford went on to note. \u201cExpect an uptick in phishing, do not click links in email, or discuss anything over the phone.\u201d<\/p>\n<p>This is particularly important: Make sure you navigate directly to the eBay website to change your password. You should not change your password following a link from email. As this news becomes more widespread, attackers will probably begin crafting phishing emails \u2013 purporting to come from eBay and perhaps PayPal as well. These emails generally present users with links leading to malicious sites that look like legitimate ones. These links will claim to enable password resets, but, in reality, they are often attempts to get users to willingly hand over login information.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>eBay users will be forced to change their passwords because of a data breach that exposed encrypted user credentials.<\/p>\n","protected":false},"author":42,"featured_media":3369,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[314,622,187],"class_list":{"0":"post-3368","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-data-breach","9":"tag-ebay","10":"tag-passwords"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/ebay-data-breach-exposes-passwords\/3368\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/ebay-data-breach-exposes-passwords\/3479\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/ebay-data-breach-exposes-passwords\/3792\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/ebay-data-breach-exposes-passwords\/3921\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/ebay-data-breach-exposes-passwords\/4076\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ebay-data-breach-exposes-passwords\/4824\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/ebay-data-breach-exposes-passwords\/3716\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/ebay-data-breach-exposes-passwords\/4076\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ebay-data-breach-exposes-passwords\/4824\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ebay-data-breach-exposes-passwords\/4824\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/data-breach\/","name":"data breach"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3368","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=3368"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3368\/revisions"}],"predecessor-version":[{"id":7052,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3368\/revisions\/7052"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/3369"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=3368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=3368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=3368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}