Ebay users are today being urged to change their passwords, after the global retail giant was the victim of a cyber-attack in late February and early March.
A spokesperson for eBay Australia told SmartCompany the retailer is contacting all eBay users to ask them to change their passwords, after the company revealed the eBay corporate information network was hacked and a database containing eBay user passwords was compromised.
The company said in a statement overnight the affected database contained customer names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth.
Ebay said there is no evidence the attack has resulted in unauthorised activity on eBay user accounts or that access has been gained to financial or credit card information through PayPal, which is stored separately.
While the spokesperson says eBay does not disclose the regions of its users, the online shopping platform now has 145 million active buyers.
“Our customers are our highest priority and to ensure they continue to have a safe, secure and trusted experience on eBay, we will be asking all eBay users to change their passwords,” says the spokesperson.
It is also recommending users who use the same password on other sites to update those passwords too. “The same password should never be used across multiple sites or accounts,” said the company.
It is advice echoed by AVG security advisor Michael McKinnon, who told SmartCompany it is essential that individuals and businesses don’t re-use passwords on more than one website.
“It’s about siloing the risk of attacks on different accounts,” says McKinnon. “So if one site is compromised, you don’t put yourself at risk.”
McKinnon says businesses need to take even more care, especially when it comes to anything related to money coming in and out of the business, including payroll and banking details.
“This is yet another example of a fairly large site that has had something compromised,” says McKinnon, who says this type of cyber-attack and then disclosure by the company has become more frequent over the past four to five years.
A recent report from online threat protection company FireEye found that of more than 1,217 organisations tested using FireEye network and email appliances, 97% of organisations had been breached by cyber-attacks.
While the answer to why these attacks are becoming more prevalent is extremely complex, McKinnon says large companies like eBay are naturally more prone to attacks.
“We talk about ‘attack surface’, so as an organisation gets larger and uses more technology, the greater the potential for these kinds of vulnerabilities and attacks,” he says.