Security Bulletin: eBay Customer Information Breach
What is it?
On May 21, 2014, eBay revealed a security breach. The company’s database containing customer names, account passwords, email addresses, physical addresses, phone numbers and birth dates has been stolen. According to eBay, the database did not contain financial information and the passwords were stored in an encrypted format, but there is no guarantee that the hackers would not be able to decrypt some or all of the passwords. The initial attack that lead to the breach happened as long as three months ago.
Who is impacted?
Potentially any eBay user. EBay is asking its more than 128 million users to change their passwords.
What should you do?
The Winxnet Security Team is advising the following:
- All eBay users should change their passwords and review their last three months of transactions to ensure they are valid.
- Although eBay does not believe PayPal was affected by this breach, we suggest erring on the side of caution and changing PayPal passwords as well.
- For individuals that used the same password as their eBay password on other sites, we recommend changing passwords on these other sites as well.
In general, periodic password changes are always a good practice. Additionally, we would like to remind everyone to avoid password reuse, so a compromise of one system does not lead to additional exposure.
Where can you get more information?
There is more information about the breach in the eBay press release. The Winxnet Security Team is happy to answer any questions you may have on this subject. You can contact us at 866.946.9638 or firstname.lastname@example.org.
The Winxnet Security Team provides information security services to customers throughout the Eastern United States. Our team is led by Eugene Slobodzian, PhD, CISSP with over 15 years of experience providing Information Security services to businesses throughout the region. Winxnet provides Managed Security Services, Penetration Testing, Vulnerability Management, Social Engineering Tests, IT Risk Assessments and Virtual Security Officer consulting.