科技头条20140522

eBay网站遭黑客攻击 呼吁用户修改密码】eBay周三宣布,一个包含加密密码和非财务数据的数据库遭到黑客攻击,数据出现泄露,因此将要求用户修改密码。数据库中包含eBay用户的姓名、加密密码、电子邮件、地址、电话号码和生日。不过,这一数据库并不包含任何财务信息和其他敏感信息。

eBay hit by major cyber attack: 128 million are urged to change their password NOW after hackers access personal details

http://www.dailymail.co.uk/sciencetech/article-2635053/Use-eBay-Then-change-password-NOW-Site-requests-users-change-personal-details-dont-explain-why.html

7462373

 

eBay has urged its 128 million users to change their passwords following a cyber attack that has compromised its databases.

Hackers were able to steal what eBay claims is a 'small number' of its employee login details, allowing them to infiltrate its corporate network.

The cyber attack was made between late February and early March and gave hackers full access to eBay customers' name, encrypted password, email address, home address, phone number and date of birth.

'The database did not contain financial information or other confidential personal information,' eBay said in a statement.

'There is no evidence of unauthorised access or compromises to personal or financial information for PayPal users.'

The company said it is encouraging any eBay user who used the same password on other sites to change those passwords too.

However, although changing passwords will restrict access to the site, the hackers could still use the stolen information to commit identity fraud.

'That is a serious concern,' Graham Cluely from security firm Sophos told MailOnline.

'Obviously they’ve got hold of names, addresses and date of births. All of this can be used to commit identity fraud.

'What we don’t know at the moment is how strongly eBay has encrypted its passwords and that could be a key issue.

'If they have your password, and you have the same password for other websites, hackers could access your email, your Amazon account and who knows what else.'

'Users should be wary of anyone contacting them claiming to be eBay or any other company for that matter,' warned Trey Ford, a global security strategist at Rapid7.

'Expect an uptick in phishing, do not click on links in emails, or discuss anything over the phone. Call customer service instead or go directly to websites as you normally would.'

News of the hack attempt emerged earlier today when a message was posted on PayPal under the headline 'eBay Inc. To Ask All eBay Users To Change Passwords.'

The only text in the body of the post was 'placeholder text' and it was taken down within hours.

It is not yet known how the hackers were able to steal employee login details.

'Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customer,' the group added.

The company said that the compromised employee login credentials were first detected about two weeks ago.

Early reports said the password change may have been a result of the worldwide Heartbleed security breach last month, but PayPal said at the time its servers weren’t at risk and had not been affected.

'eBay workers could have been phished, had spyware installed on their computers or they could have been using old passwords,' said Mr Cluely.

In January, a former Google software engineer, Naoki Hiroshima, published a blog post titled ‘My $50,000 Twitter Username Was Stolen Thanks to PayPal and GoDaddy’.

In it, he said a scammer used social engineering techniques to get PayPal and GoDaddy employees to release information that helped the scammer hijack his account.

‘I called PayPal and used some very simple engineering tactics to obtain the last four digits of your card,’ the scammer said.

However, eBay denied the allegation claiming its PayPal's customer service agents were well trained to prevent social hacking attempts.

The California-based company has 128 million active users and accounted for £126 billion ($212 billion) worth of commercial activities last year.

 


Comments are closed.



无觅相关文章插件