|By Bob Gourley||
|June 12, 2014 10:50 PM EDT||
In early May, eBay discovered that its network had recently been compromised, and on May 21st a banner appeared on eBay.com acknowledging the breach and recommending that users change their passwords. Later that day, however, the banner disappeared, and throughout the week many users responded with frustration and disappointment at what many perceived to be a lack of transparency.
The most recent development came on Memorial Day, when Devin Wenig – president of eBay marketplaces – sent an email to customers apologizing for the breach and providing more details to users. According to the email, “this attack occurred between late February and early March and resulted in unauthorized access to a database of eBay users that includes customers’ names, encrypted password, email address, physical address, phone number and date of birth” – but not financial information. The email goes on to say that eBay has no evidence that the hackers accessed customers’ banking information or credit card numbers, and there is no evidence of increased fraudulent activity on the website.
While the email from Mr. Wenig suggests that the situation is under control, many headlines indicate that eBay users and techies are not so sure. Some feel that the compromised personal information makes individuals very vulnerable to identity theft and phishing attacks because lawbreakers will have so many details about individual eBay users, while others consider the eBay attack less-than-catastrophic because the stolen information does not include social security numbers and credit card numbers.
Although eBay’s initial response to the breach appeared slow and halfhearted, this email suggests that the company is finally taking the threat seriously, albeit with a very positive interpretation of events. Nonetheless, further developments can be expected – as the Federal Trade Commission and investigators are likely unconcerned with how much eBay says it has the situation under control.