eBay cyber-breach: 145 million records hacked

21 May, 2014 14:39 / Updated 11 years ago

Online auction site eBay has advised its clients to change their passwords after a cyber-attack allowed hackers to gain access to one of its databases. Information stolen included personal details of 145 million accounts.

eBay spokeswoman Amanda Miller told Reuters that the hackers gained access to 145 million records, of which they copied "a large part." Those records contained passwords, email addresses, birth dates, mailing addresses and other personal information, but not financial data such as credit card numbers - this data was encrypted separately.

The California-based company has been asking its users “to change their passwords because of a cyber-attack that compromised a database containing encrypted passwords and other non-financial data,” according to a statement released on the company website.

The online auction company with a global customer base of 233 million also reassured users that credit card details and other financial data is stored separately in encrypted formats.

Hackers reportedly gained access through employee login credentials which they said thereby allowed “unauthorized access to eBay’s corporate network.”

The attack took place between late February and early March and the hackers gained access to a database which stored details included names, passwords, email addresses, real addresses and birthdays.

Shares in the company, which operates in 37 markets, fell some 3.2 percent in what is the latest notable cyber-attack on a big US company.

The company announced that it is “aggressively investigating the matter,” working with law enforcement and leading security experts.

In December, Target Corp. announced that it had fallen victim to cyber-attacks, with hackers seizing details of some 40 million credit and debit cards of the retailer’s customers. In April, AOL also announced that 2 percent of its accounts had been compromised and also urged their email account holders to change passwords in a subsequent statement.