Ebay, the world’s biggest internet auction site, is the latest large organisation to be the victim of a cyber hack.
Blaming what they call an “Achilles heel” for the encrypted user information being taken, the company quickly advised users to change their password in order to prevent personal information falling into the wrong hands.
It’s thought to be the biggest reported hack ever in terms of the number of people affected (approximately 223m worldwide). Although it’s believed that financial data is not at risk, it’s still a major concern that data such as phone numbers and email addresses could be exposed to hackers.
So how does this news affect you, the eBay user?
Here are the answers to some pressing questions that you may have.
So, do I need to change my password?
In short; yes.
It might seem a hassle but it’s possible that your details have fallen into the hands of hackers, so to prevent any illegal activity like identity theft, you should change your password immediately.
Oh, and remember to choose your new password wisely.
What about my bank card details?
eBay has been keen to point out that no financial data has been pilfered, as this is stored separately, so your debit and credit card details should be perfectly safe.
What is the encrypted data at risk?
It’s not clear exactly what information is at risk but it’s more than likely coded passwords as well as personal information such as customer names, email addresses, encrypted passwords, physical addresses, phone numbers and dates of birth.
My PayPal account is linked to eBay – is that at risk too?
Although eBay owns PayPal, the systems are completely separate and weren’t both subject to this hack.
However, many people tend to use the same password on eBay as they use on PayPal, so it goes without saying that if you change your eBay password, you should do the same with your PayPal details – ideally making sure they are both different and not making the job of hackers any easier.
If my cards are safe, what should I be worried about?
The biggest risk is from “phishing” emails that ask you to change your eBay details but actually take you to another site where your details can be stored and used illegally without you knowing.
Usually these “phishing” emails can be spotted easily due to the fact they are very generic and don’t contain any of your personal information. But if hackers have gained access to your details then they will be able to personalise them and make them appear more convincing. To be on the safe side, don’t follow any links in emails that seem to come from eBay – type the site’s address into your browser instead.
And what about my secret security question? Should I change that?
No, eBay have assured customers this is not a risk and doesn’t need to be changed.
So even if I changed my passwords after the “Heartbleed” bug I need to do it again?
Yes. The “Heartbleed” bug was around at about the same time that this hack was thought to have taken place. And, although it’s difficult to tell which came first, to be on the safe side it’s recommended that you should change your password again.
Who are the hackers?
Nobody has come forward to claim responsibility and eBay haven’t pointed the finger at anyone as yet, but the fact that it was their customer database that was targeted suggests this was a commercially oriented attack and not just the work of anonymous “hacktivists”.
Why did it take so long for eBay to tell us?
That’s purely down to the time it takes to realise that a breach has taken place and then to work out the extent of the potential damage to accounts. This hack is thought to have taken place in March, so not a long time really considering the amount of information it has stored.