when the eBay admitted on Wednesday that he had been the victim of a cyberattack, the company ζήτησε από από τους 145 εκατομμύρια ενεργούς χρήστες να αλλάξουν τους κωδικούς πρόσβασής τους. Αλλά οι εισβολείς είχαν πρόσβαση σε μια βάση data customer data that included other personal information such as names, addresses and dates of birth – data that cannot be so easily changed.
The good news is that eBay reports that no financial information was leaked. Financial data was stored on different systems, and eBay reports that there is no evidence that all PayPal data was compromised. The bad news is that the data leaked is important.
FromfaceEBay officials told Mashable that the company does not know how many of the 145 million active accounts were acquired by the attackers. Millions of other inactive accounts could also have been affected.
Let's mention once again that the data leaked is very important information. OR attack against Wired journalist Mat Honan proved that if hackers gain access to only a few personal information - such as phone number, email and physical address - combined with good old-fashioned social engineering can cause irreparable damage.
Leakage includes birth date, phone number, and physical address. This type of data can make it easy for criminals to bypass security settings.
Researcher Ashkan Soltani notes that at least one person claims to sell the company's alleged database of users. This person wants 1.453 BTC (approximately 753 dollars) in exchange for accessing a base containing 145.312.663 unique records. But according to eBay, this can not be the case.
Journalist and security researcher Brian Krebs says it is very likely that the email addresses in the leaked data will start receiving more spas. It also states that spam "will likely involve phishing attacks aimed at stealing logins or even spreading malware."
Krebs believes this type of database will be “a gold mine for phone artists scamς ”
The data was not all encrypted
It is shocking that names, phone numbers, dates of birth, email addresses and home addresses were not only not encrypted - but were stored in plain text.
These items are not optional. To register for an eBay account, the user will need to provide one name, his address and telephone number. If you want to sell something on eBay, you'll need to provide a date of birth that shows you're over 18 years old.
So with the 145 million active eBay accounts leaked, users essentially handed over their security to the company, which stored it in plain text…