when the eBay admitted on Wednesday that it had been the victim of a cyber attack, the company asked its 145 million active users to change their passwords. But intruders had access to a client database that included other personal information, such as names, addresses and dates of birth - data that could not be changed so easily.
The good news is that eBay reports that no financial information was leaked. Financial data was stored on different systems, and eBay reports that there is no evidence that all PayPal data was compromised. The bad news is that the data leaked is important.
EBay representatives have told Mashable that the company does not know how many 145 million active accounts were acquired by the attackers. Millions of other inactive accounts could also have been affected.
Let's mention once again that the data leaked is very important information. OR attack against Wired journalist Mat Honan proved that if hackers gain access to only a few personal information - such as phone number, email and physical address - combined with good old-fashioned social engineering can cause irreparable damage.
Leakage includes birth date, phone number, and physical address. This type of data can make it easy for criminals to bypass security settings.
Researcher Ashkan Soltani notes that at least one person claims to sell the company's alleged database of users. This person wants 1.453 BTC (approximately 753 dollars) in exchange for accessing a base containing 145.312.663 unique records. But according to eBay, this can not be the case.
Journalist and security researcher Brian Krebs says it is very likely that the email addresses in the leaked data will start receiving more spas. It also states that spam "will likely involve phishing attacks aimed at stealing logins or even spreading malware."
Krebs believes this kind of database will be "a goldmine for phone fraud artists"
The data was not all encrypted
It is shocking that names, phone numbers, dates of birth, email addresses and home addresses were not only not encrypted - but were stored in plain text.
This information is not optional. To sign up for an eBay account, the user must provide a name, address, and phone number. If you want to sell something on eBay, you should give a date of birth that shows you are over 18 years old.
So with the 145 million active eBay accounts leaked, users essentially handed over their security to the company, which stored it in plain text…