eBay compromised
According to the official information of the company, available on info.ebayinc.com (last update of May 24), eBay in the end of February, beginning of March, was subjected to a cyber attack on the company's corporate network. The attackers managed to steal the accounts of employees of the company, as well as get access to some confidential user information, about which the media have repeatedly written. It is emphasized that this information does not include financial data, i.e. credit card information or PayPal information. eBay also assures that they did not record the cases of unauthorized use of passwords for access to accounts (Pass-the-Hash) obtained by the attacking hashes.
May 21, 2014 info.ebayinc.com
')
At the same time, it was not entirely clear why such a significant delay occurred between the time of fixing cyber attacks on the company's internal network and the time when the company recommended its users to change their passwords. A few days ago, Devin Wenig (President of eBay Marketplaces) shed light on this, who, in a commentary for Reuters, noted that the initial investigation of the cyber attack did not reveal any traces of user data theft.
According to the latest information, the attackers were able to successfully conduct a cyber attack on the company's servers and extract the following information from there.
Do not be fooled by spammers who send phishing emails from supposedly eBay with a proposal to change the password on a third party link. Use your eBay account to do this and always check for https connections in your browser’s address bar.
be secure.
Cyberattackers has been logged in credentials , the company said. He is aggressively investigating and prosecuting security experts.
May 21, 2014 info.ebayinc.com
')
At the same time, it was not entirely clear why such a significant delay occurred between the time of fixing cyber attacks on the company's internal network and the time when the company recommended its users to change their passwords. A few days ago, Devin Wenig (President of eBay Marketplaces) shed light on this, who, in a commentary for Reuters, noted that the initial investigation of the cyber attack did not reveal any traces of user data theft.
According to the latest information, the attackers were able to successfully conduct a cyber attack on the company's servers and extract the following information from there.
- The credentials of "some" company employees that allowed attackers to unauthorizedly enter the corporate network of the company and receive the necessary information from there.
- A database with encrypted user passwords (hashes) and other personal information that is not financial. These hashes could be used to organize attacks like Pass-the-Hash (the so-called "special" access patterns). The success of such an attack could take place until users changed their passwords.
- Stolen personal information includes: customer name, email address, physical address, phone number, date of birth.
Do not be fooled by spammers who send phishing emails from supposedly eBay with a proposal to change the password on a third party link. Use your eBay account to do this and always check for https connections in your browser’s address bar.
be secure.
Source: https://habr.com/ru/post/224117/
All Articles