This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/news/technology-27503290
The article has changed 8 times. There is an RSS feed of changes available.
| Version 2 | Version 3 |
|---|---|
| eBay makes users change their passwords after hack | eBay makes users change their passwords after hack |
| (35 minutes later) | |
| Auction site eBay is forcing users to change their passwords after a cyber-attack compromised its systems. | Auction site eBay is forcing users to change their passwords after a cyber-attack compromised its systems. |
| The US firm said a database had been hacked between late February and early March, and had contained encrypted passwords and other non-financial data. | The US firm said a database had been hacked between late February and early March, and had contained encrypted passwords and other non-financial data. |
| The company added that it had no evidence of there being unauthorised activity on its members' accounts. | The company added that it had no evidence of there being unauthorised activity on its members' accounts. |
| However, it said that changing the passwords was "best practice and will help enhance security for eBay users". | However, it said that changing the passwords was "best practice and will help enhance security for eBay users". |
| The California-based company has 128 million active users and accounted for $212bn (£126bn) worth of commerce on its various marketplaces and other services in 2013. | The California-based company has 128 million active users and accounted for $212bn (£126bn) worth of commerce on its various marketplaces and other services in 2013. |
| It said it would be contacting users to alert them of the issue via email, its website, adverts and social media. | It said it would be contacting users to alert them of the issue via email, its website, adverts and social media. |
| Stolen credentials | Stolen credentials |
| A post on eBay's corporate site said that cyber-attackers accessed the information after obtaining "a small number of employee log-in credentials", allowing them to access its systems - something it only became aware of a fortnight ago. | A post on eBay's corporate site said that cyber-attackers accessed the information after obtaining "a small number of employee log-in credentials", allowing them to access its systems - something it only became aware of a fortnight ago. |
| "The database... included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth," it said. | "The database... included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth," it said. |
| "However, the database did not contain financial information or other confidential personal information. | "However, the database did not contain financial information or other confidential personal information. |
| "Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today." | "Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today." |
| Although the firm also owns the PayPal money transfer service, it said that the division's data was stored separately, encrypted and that there was no evidence that it had been accessed. | Although the firm also owns the PayPal money transfer service, it said that the division's data was stored separately, encrypted and that there was no evidence that it had been accessed. |
| It added that any members who used the same login details used on eBay for other sites should also update them. | It added that any members who used the same login details used on eBay for other sites should also update them. |
| EBay has not provided any information about the kind of encryption it used. | EBay has not provided any information about the kind of encryption it used. |
| One expert said there was still a concern that the hackers might be able to make use of their haul. | One expert said there was still a concern that the hackers might be able to make use of their haul. |
| "We all know that given enough time hackers can crack some encrypted password files," said Alan Woodward, an independent security consultant. | "We all know that given enough time hackers can crack some encrypted password files," said Alan Woodward, an independent security consultant. |
| "The slightly worrying aspect of this is that the hackers have a nice neat list of personal information, which can be used to steal identities or even help them get around other systems though password reset scams." | "The slightly worrying aspect of this is that the hackers have a nice neat list of personal information, which can be used to steal identities or even help them get around other systems though password reset scams." |
| Password Tips | |
| Security expert Alan Woodward offers this advice: | |
| Are you an eBay customer? Are you worried about your account being hacked? Email us at HaveYourSay@bbc.co.uk adding 'eBay' in the heading and including your contact details. | Are you an eBay customer? Are you worried about your account being hacked? Email us at HaveYourSay@bbc.co.uk adding 'eBay' in the heading and including your contact details. |