CORRECTED-(OFFICIAL)-Hackers raid eBay in historic breach, access 145 mln records

Thu May 22, 2014 1:25am EDT

(Corrects first paragraph after eBay revises statement to say hackers only copied "a large part" of its user database. Company initially said hackers copied all 145 million customer records.)

BOSTON May 21 (Reuters) - EBay Inc said that hackers raided its network three months ago, stealing "a large part" of a database containing information about all 145 million of its customers in what could go down as one of the biggest data breaches in history based on the number of accounts accessed.

It advised customers to change their passwords immediately, saying they were among the pieces of data stolen by cyber criminals who carried out the attack between late February and early March.

EBay spokeswoman Amanda Miller told Reuters those passwords were encrypted and that the company had no reason to believe the hackers had broken the code that scrambled them.

"There is no evidence of impact on any eBay customers," Miller said. "We don't know that they decrypted the passwords because it would not be easy to do."

She said the hackers copied a massive user database that contained those passwords, as well as email addresses, birth dates, mailing addresses and other personal information, but not financial data such as credit card numbers.

The company had earlier said a large number of accounts may have been compromised, but declined to say how many. (Reporting by Jim Finkle; Editing by Christopher Cushing)

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see http://blogs.reuters.com/fulldisclosure/2010/09/27/toward-a-more-thoughtful-conversation-on-stories/
Comments (1)
mb56 wrote:
So the passwords were encrypted… but what about the personal information? How many more of these massive breaches must we endure before we get some serious laws protecting privacy? ALL personally identifiable information should be encrypted on these systems. This has become beyond ridiculous… whole disk encryption is common place now. There is really no excuse for this.

May 21, 2014 11:06pm EDT  --  Report as abuse
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.