E-COMMERCE giant eBay has told all its users to change their passwords in the wake of a cyber attack on the popular online marketplace.
In a statement on the company's website, the US-based business said they were asking users to reset their passwords after an attack "compromised a database containing encrypted passwords and other non-financial data".
The site, which has more than 14 million active users in the UK, was quick to say that it believes no unauthorised access was gained to personal data, but that a password reset was the best practice to help ensure security.
"Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorised access to eBay's corporate network," said the statement.
"Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers. Information security and customer data protection are of paramount importance to eBay Inc, and eBay regrets any inconvenience or concern that this password reset may cause our customers.
"We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace."
eBay said that the database was breached at some point in late February and early March, with access gained to personal customer information including passwords, addresses and dates of birth.
"However, the company says that no financial information has been compromised as this data is stored on a separate database under a different encryption.
"The compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today," said the statement.
"The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorised access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted."
The internet is still recovering from the Heartbleed bug, a flaw in the OpenSSL encryption on computers that protects user information when someone is online.
The flaw had been present for two years undetected, and offered hackers a way into personal accounts across the web. UK parental advice site Mumsnet was the first to admit they had been a victim of the bug. Fixes, or "patches", have since been applied across the web as sites recover from the bug.
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules hereComments are closed on this article