On May 21 eBay announced that it suffered a major data breach, exposing personal data of up to 233 million registered users. The company is now being investigated by three states with a joint probe into its security practices.
eBay has been criticized for taking three months to notice the breach and then a few more weeks before making an announcement. No mass email was sent, but they did post a warning to their website, originally with a “learn more” link that lead to a blank page (now fixed).
eBay is telling all customers to reset their password. If members used their password at other sites, they should change their passwords for those sites as well.
The data was stolen via a number of compromised employee credentials, according to eBay. The thieves were then able to access the company’s corporate network.
What did the thieves get? There was no financial or other confidential personal information in the compromised database. But the thieves did get hold of real names, email addresses, phone numbers and home addresses of customers in addition to their passwords, which were encrypted.
Read the story in the news here and here.