eBay Faces Backlash for Slow Handling of Hack Attack


Online marketplace eBay is facing questions over its handling of a hack attack that exposed millions of passwords and other data.

A promised feature obliging members to reset passwords when they next logged in has not yet been made available.

Instead the auction site has added a notice to its homepage, simply recommending users update passwords “as a first step”.

Security experts said its reaction raised “serious questions”.

“We know that customers are concerned, and want us to fix this issue straight away, and we are working hard to do just that,” eBay told the BBC.

“Our first priority is and always has been to protect our users’ information and ensure we correctly deal with the technical challenges such a situation brings, and that is why as a first step we have requested all users change their passwords.

“Other steps, including email notification, will follow, and we will ensure all eBay users have changed their passwords over the coming days.”

Many of its users were angry about how slowly the firm had dealt with the problem.

“Just wondering why I’m hearing this from BBC before eBay,” said one reader of the BBC website.

Alan Woodward, an independent security consultant, was also unimpressed.

“It shouldn’t take this long to have something in place that forces users to change their passwords, and it should have let people know what was happening – it doesn’t take much time to send an email out for goodness sake,”

It built a picture of a firm with “serious questions” to answer, he told the BBC.

The Californian-based company, which has 128 million active users, revealed that a database had been hacked between late February and early March.

The attackers had accessed a database containing encrypted passwords and other data after obtaining a small number of employee log-in credentials, the firm disclosed.

The other data included:

  • email addresses
  • physical addresses
  • phone numbers
  • dates of birth

Data for its money-transfer service, PayPal, was stored separately and had not been compromised, the firm said.

Click here to continue reading…

SOURCE: Jane Wakefield
BBC News

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s