eBay has revealed that hackers breached its network 3 months ago, gaining access to over 145 million customer records. It marks the second biggest such breach in U.S. history after Adobe systems saw 152 million customer accounts compromised last October. This also comes months after Target reported a data breach affecting 40 million credit and debit accounts.
eBay spokeswoman Amanda Miller said that encrypted passwords in addition to personal information like mailing addresses, emails and birth dates were stolen. Credit card information was not accessed.
Customers are being urged to change their passwords immediately and to not use the same password for different websites. eBay maintains that the hackers will not be able to crack their encryption. Said Miller:
“There is no evidence of impact on any eBay customers. We don’t know that they decrypted the passwords because it would not be easy to do.”
ACY Securities Supports ASIC’s Product Intervention OrderGo to article >>
Some have read deeply into eBay’s warning to change passwords, speculating that there is indeed a risk that the hackers will be able to de-encrypt them. eBay says that they have not observed an increase in fraudulent activity on the site as a result of the breach.
The breach happened sometime between late February and early March and was discovered in early May. Asked why this wasn’t brought to the public’s attention earlier, Miller replied, “We worked aggressively and as quickly as possible to insure accurate and thorough disclosure of the nature and extent of the compromise.” The company did bring in security experts and law enforcement personnel immediately upon discovering the breach. One can speculate that this was done so that they can come forward with the situation more under control and less damaging in the public sphere.
A step forward for Bitcoin?
eBay, through its payment processor PayPal, is effectively a rival to Bitcoin, at least for now. Bitcoiners embarrassed by the myriad of hackings will take consolation in shared agony, knowing that these things happen to everyone.
The obvious difference: the practical fallout from eBay et al’s hackings has thus far been virtually nil. Even if a credit card were to be compromised, one is rest assured that the company will do its utmost to compensate the customer and take additional remedial measures. With Bitcoin, on the other hand, millions have been stolen. There is no recourse for the victims, despite efforts of law enforcement personnel.
The bigger opportunity may be for companies to work with and learn from Bitcoin when it comes to advanced methods of encryption.