Even though the passwords were stolen, they were all tightly encrypted

May 22, 2014 06:37 GMT  ·  By

The second biggest security breach in history goes out to eBay, which got raided by hackers between late February and early March. According to the company, 145 million user records were accessed in the breach. 

eBay has already advised users to change their passwords immediately, since these were among the first pieces of data grabbed by the hackers responsible for the attack.

Fortunately, the passwords were encrypted and the company says that there’s no reason to believe that the hackers have broken the code to expose them, but there’s always the chance that they may have done this.

“Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers,” eBay said in a press release.

The data trove stolen by hackers includes email addresses, birth dates, mailing addresses and other personal information. Financial data such as credit card numbers continue to be safely tucked away at eBay, so you shouldn’t worry. It might be advisable, however, to make sure your email accounts are secure and that you’re not using some password that can be cracked in 2 seconds flat.

This is also a reminder that people should really not use the same password for multiple accounts because this practice puts them all at risk in a situation such as the one that eBay is going through.

According to Reuters, eBay has hired FireEye Inc’s Mandiant forensics division to investigate the issue, a company that once published an article about a hacking group in Shanghai that was linked to the People’s Liberation Army.

The company had previously unveiled that a large number of accounts was affected by the security breach, but the number of accounts was kept under wraps for as long as possible.

“Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts,” eBay said yesterday.

The company said that there had been no spike in fraudulent account activity on eBay or evidence of unauthorized access or compromises to personal or financial information for users of sister company PayPal.