View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

EBay initially thought customer data not compromised

EBay is under severe criticism for 'delayed' notification.

By CBR Staff Writer

Amidst growing criticism of EBay’s delayed notification of the breach, the online marketplace said that it initially believed that the customer information is safe following the breach was detected.

EBay is under severe criticism for any possible delay in notification, following hackers compromised 145 million user data, as forensic investigation found that the breach was detected in early May while it was reported last week.

EBay Marketplaces Business Unit president Devin Wenig told Reuters, "For a very long period of time we did not believe that there was any eBay customer data compromised."

Wenig added that the company moved "swiftly to disclose" the breach after it found that customer data has been compromised.

According to the company the hackers used credentials of three of its corporate employees to break into the user database. The company also added that during the breach the data of all users including email addresses and encrypted passwords were accessed by hackers.

Wenig added, "Millions" of users have since reset their passwords and the company had begun notifying users, though it would take some time to complete that task."

"You would imagine that anyone who has ever touched eBay is a large number," he said.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

"So we’re going to send all of them an email, but sending that number all at once is not operationally possible."

"We want to make sure it doesn’t happen again so we’re going to continue to look our procedures, harden our operational environment and add levels of security where it’s appropriate."

The company last week said, the its database was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.

EBay however at that time denied that the compromised database contain any financial information or other confidential personal information.

The company said that the compromised employee log-in credentials were first detected about two weeks ago. It added that PayPal data has not been compromised as it is stored in a separate network and all PayPal financial data is encrypted.

Currently the company has no plan to offer compensation to any customer saying that there is no financial loss reported so far.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.