By Deborah Ayoade
A post on eBay’s corporate site declared that hackers obtained ‘a small number of employee log-in credentials’, leaving 128 million eBay users possibly at risk of identity fraud from a system attack the company only became aware of two weeks ago.
The online marketplace firm claims that during late February and early March, hackers were able to infiltrate its corporate network, managing to obtain access to a database which contained a range of encrypted confidential data, such as passwords, email addresses, home addresses, dates of birth and other non-financial data.
Although the US firm has seen no indication of any unauthorised activity on any of its members’ accounts, it is appealing to eBay users via its website, email and social media to change their passwords on the site, and is encouraging them to update the password on other sites where they may have used the same passwords or login details.
eBay engineers are also said to be in the process of rolling out a feature that will force users to choose new passwords the next time they log in. This feature will be implemented in every country the company operates in.
When asked why it had sat on the cyber attack information for a fortnight, eBay suggested that ‘extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today.’
However, security firms are concerned about the risk of users becoming victims of identity fraud. Although changing passwords will help restrict access to the site, the cyber attackers could still use the stolen credentials to commit identity fraud.
Security expert Alan Woodward offers this advice:
Don’t choose one obviously associated with you: Hackers can find out a lot about you from social media so if they are targeting you specifically and you choose, say, your pet’s name you’re in trouble.
Choose words that don’t appear in a dictionary: Hackers can precalculate the encrypted forms of whole dictionaries and easily reverse engineer your password.
Use a mixture of unusual characters: You can use a word or phrase that you can easily remember but where characters are substituted, eg, Myd0gha2B1g3ars!
Have different passwords for different sites and systems: If hackers compromise one system you do not want them having the key to unlock all your other accounts.
Keep them safely: With multiple passwords it is tempting to write them down and carry them around with you. Better to use some form of secure password vault on your phone.