EBay hack leaves many questions unanswered
EBay Inc's description of how hackers got access to its entire database of 145 million user records leaves many questions unanswered as to how cyber criminals orchestrated what appears to be the second-biggest data breach in US history.
The company has said hackers attacked between late February and early March with login credentials obtained from "a small number" of employees. They then accessed a database containing all user records and copied "a large part" of those credentials.
The breach was discovered in early May and disclosed on Wednesday.
Security experts and Wall Street analysts want to know how they got those credentials and if the employees whose information they used were entitled to unfettered access to its user database, which contains some of its most sensitive information.
"They've been pretty tightlipped. They've barely provided any information. They should be more forthcoming about what happened," said David Kennedy, chief executive of TrustedSEC LLC, an expert in investigating data breaches.
In particular, Kennedy wants to know why it took eBay three months to detect the intrusion.
Read: After cyberattack, eBay advises password change
An FBI spokesman told Reuters the bureau is working with EBay to investigate the breach, but declined to elaborate. EBay said it had hired FireEye Inc's Mandiant forensics division to help with its review. A FireEye spokesman declined to comment.
Dan Kaminsky, a well-known Internet security expert who is chief scientist at online fraud detection firm White Ops, said it is not clear that eBay was remiss in securing its database because hackers have the tools to get into nearly any network.
"Five hundred of the Fortune 500 are under constant attack. Everybody is getting hit," he said.
Still, he said he would like to have more information about what happened to understand how they got in and why it took three months to detect. "If we are not going to prevent these attacks, let's at least detect them," he said.
The company said hackers stole email addresses, encrypted passwords, birth dates, mailing addresses and other information, though no financial data, nor PayPal databases were compromised.
Computer security experts say the biggest breach was uncovered at software maker Adobe Systems Inc in October 2013, when hackers accessed about 152 million user accounts.
The EBay breach would be larger than the one Target Corp disclosed in December of last year, which included some 40 million payment card numbers and another 70 million customer records.
Enter your email to get our daily newsletter in your inbox
- Fire engines and rescue teams were pressed into service and the injured are being treated at the Sivakasi government hospital.
- A Bengaluru-based political analyst said that Yediyurappa's supporters may want to go in for low-key birthday celebrations even though detractors may post as many ads as possible to remind everyone of his age.
- Officials said some local youths spotted the big fish lying lifeless on the Sonapur coast on Thursday afternoon.
- Officials in Bhubaneswar's Regional Meteorological Centre said the maximum temperature of 38 degrees Celsius in Bhubaneswar on Wednesday too was highest on that day.
- In MP, the positivity rate increased to 2.3% on Thursday and there are 2,435 active cases in the state.
- CSE’s director general Sunita Narian said Covid-19 had made the world’s poor poorer.
- This was the first formal contact between Jaishankar and Wang since they met on the margins of a Shanghai Cooperation Organisation (SCO) meeting in Moscow on September 10 last year, and it came days after India and China pulled back frontline troops from strategic heights around Pangong Lake.
- Aparna Purohit was accused of the inappropriate depiction of UP police personnel, Hindu deities and adverse portrayal of a character playing the PM.