Resultados 1 a 5 de 5
  1. #1
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    15,042

    [EN] eBay Asks Users to Change Passwords After Breach

    The database was hacked sometime between late February and early March, but compromised employee log-in credentials were first detected two weeks ago.

    eBay says there is no evidence PayPal information was hacked, since that information is stored separately on a secure network.


    NEW YORK — E-commerce site eBay is asking users to change their password after a cyberattack compromised a database containing encrypted passwords.

    The company says there is no evidence of any unauthorized activity and no evidence any financial or credit card information was stolen.

    EBay says its investigation is active and it can't comment on the specific number of accounts affected, but says the number could be large, so it is asking all users to change their passwords. EBay had 145 million active users at the end of the first quarter.

    Cyberattackers stole a small number of employee log-in credentials that gave access to eBay's corporate network, the company said. The San Jose, California-based company is working with law enforcement to investigate the attack.

    The database was hacked sometime between late February and early March, but compromised employee log-in credentials were first detected two weeks ago.

    EBay owns electronic payment service PayPal, but eBay says there is no evidence PayPal information was hacked, since that information is stored separately on a secure network.

    The attack follows several other high-profile hacking incidents, including a massive data breach at Target stores and the spread of the computer security flaw nicknamed "Heartbleed." Heartbleed took advantage of a flaw in a key piece of security technology used by more than 500,000 websites that had been exposing online passwords and other sensitive data to potential theft for more than two years.

    And during the Target credit data breach last year, hackers stole about 40 million debit and credit card numbers and personal information for 70 million people.
    http://www.nytimes.com/aponline/2014...er-attack.html

  2. #2
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    15,042

    EBay Says Client Information Stolen in Hacking Attack

    (Reuters) - E-commerce company eBay Inc said a database was compromised in a hacking attack between late February and early March, and clients' non-financial information was stolen.

    EBay said the compromised database contained customer names, encrypted passwords, email addresses, birth dates, physical addresses and phone numbers. It said it would ask users to change their passwords.

    The company said in a statement the attack has allowed unauthorized access to the company's corporate network but it found no evidence of any unauthorized access to financial or credit card information.

    (Reporting by Soham Chatterjee)

  3. #3
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    15,042
    http://www.ebayinc.com/in_the_news/s...ange-passwords

    eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

    Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.

    Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.

    The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today.

    The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.

    Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts.

  4. #4
    WHT-BR Top Member
    Data de Ingresso
    Nov 2010
    Posts
    1,611
    Eu não recebi nenhuma notificação sobre mudança de senha, apenas disso fiz para não correr riscos.
    oGigante.com*• Revenda de Hospedagem Cloud Linux + WHMCS Grátis
    VWhost.com.br • Revenda de Hospedagem Linux Cpanel + CloudFlare
    Zocka.com.br • Hospedagem de Sites Cpanel + Construtor de Sites

  5. #5
    WHT-BR Top Member
    Data de Ingresso
    Dec 2010
    Posts
    15,042
    Citação Postado originalmente por chuvadenovembro Ver Post
    Eu não recebi nenhuma notificação sobre mudança de senha, apenas disso fiz para não correr riscos.
    Seven hours on, users still not warned that hackers obtained their personal data

    eBay officials are taking flak for burying news of the password reset issued in response to a hack on the company's corporate network that exposed sensitive data for millions of users.

    More than seven hours after eBay published an advisory that was five clicks removed from end users, the company still made no mention of the breach, said to affect 145 million customers, in e-mails, on its front page, or when users log in to their accounts. The bare-bones post disclosed a breach in February or March that allowed attackers to make off with cryptographically protected passwords. It advised users to change their login credentials. The breach also exposed customers' names, e-mail addresses, home addresses, phone numbers, and dates of birth in a human readable format.

    Given the magnitude of the breach, it's surprising to see an Internet-based company like eBay take so long to directly notify customers and inform them of what steps they should take to protect themselves. The burying of such an important advisory didn't escape the scrutiny of security bloggers such as Graham Cluley or Paul Roberts. Asked to comment on the lack of disclosure, an eBay spokeswoman wrote: "An updated password reset process is currently being rolled out to all our users. It will be available shortly."

    eBay users should be wary of anyone contacting them claiming to be eBay or any other company. They should also anticipate an increase in phishing e-mails. That means they should avoid clicking links in e-mails or discussing anything sensitive over the phone. People who use their eBay password on other sites or services should immediately change it.

    The lack of timely disclosure comes two weeks after eBay's discovery that "a small number of employee log-in credentials" had been compromised. If eBay wants to restore trust, it should explain why it took so long to directly notify customers that they should change their passwords. It should also provide a more thorough timeline about exactly what it knew and when, and what the process is for making such information known to users. Plus, officials should explain what they meant in their advisory by "encrypted passwords." If that means that passwords were converted to one-way cryptographic hashes, eBay should say how resistant the underlying algorithm is to the types of password cracking techniques that have grown so common that they're now a pastime among script kiddies.

    http://arstechnica.com/security/2014...database-hack/

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens
  •