Earlier this week it was revealed that e-commerce giant eBay fell victim to a sophisticated cyber attack and that its use database had been breached.
In the days following the attack a curious Pastebin posting appeared online, offering to sell eBay’s breached database for 1.45BTC. However, eBay insists the database on sale is not authentic.
The hack
The security breach has been described as one of the biggest cyber attacks of its kind in history.
More than 230 million buyers and sellers have an account with eBay and the company is asking all of them to change their passwords. The number of active accounts is much lower, but at 128 million it is still very high indeed. As many as 145 million accounts were affected by the breach.
Luckily PayPal accounts were not compromised. Although eBay owns the popular payments processor, the two systems are not interconnected and PayPal was not affected by the attack. However, there is a chance that some users chose to use the same credentials on both services.
The stolen eBay data was hashed, so it might take the attackers quite a bit of time before they decrypt the database. The problem is that the attack took place a couple of months ago, but it was not detected or reported.
Indecent proposal
The Pastebin offer included a 3,000-row extract from the database, listing users in the Asia Pacific region.
The extract allowed eBay to deduce that the offer was just a ploy to get free bitcoins from those who fell for it. An eBay representative told The Guardian that the published lists were checked for authenticity and eBay quickly concluded they were not authentic.
The company says there is no evidence that the passwords were decrypted. The database was hashed and salted.
@Phil_Ryan We store encrypted passwords that have been hashed and salted. No evidence shown that the encryption on passwords has been broken
— Ask eBay (@AskeBay) May 22, 2014
Although the 1.45BTC offer is bogus and there is no evidence to suggest any of the passwords was decrypted, all eBay users are advised to change their passwords as a precaution.
Historically, similar attacks have been used as fodder by some bitcoin proponents, as they expose the inherent vulnerability of centralised systems.
For its part, eBay hasn't shut the door on the cryptocurrency entirely. Last month CEO John Donahoe said digital currency will play an important role in the future and confirmed that the company is considering enabling bitcoin payments via PayPal.
Computer Image via Shutterstock