Multinational corporation, eBay, denies the data breach that was revealed on Wednesday. A hacker claimed that the database, which is on sale for 1.45 Bitcoin, contains eBay users’ information. However, the online auction website says that the database being offered for sale is not authentic.
The hacker claimed to have eBay’s stolen database information through Pastebin, an anonymous text file website. After eBay denied that the hacker had users’ stolen information, the hacker posted an extract from the database. It showcased user names, phone numbers, addresses, and birth dates of Asian-Pacific users. This was done as a way to show proof that the hacker is in possession of eBay’s 145 million user database.
eBay Denies Database Breach
Speaking to the Guardian, an eBay spokesperson said,
“The published lists we have checked so far are not authentic eBay accounts.”
Security experts are scrambling to investigate how a database leak could occur. The global VP of Trend Micro, a security software firm, Rik Ferguson said,
“It is always tough to tell whether the data is genuine in situations like this.The email addresses I have tested so far do not appear to be sourced from previous breaches.”
Ferguson confirmed eBay’s sentiments and said that the stolen database is most likely false.
It had taken eBay two months to learn that it had been hacked because there was no “unusual activity” until May. A company spokesperson told the Guardian that “one or two” eBay employee IDs were stolen from the end of February to the beginning of March. The hacking was not discovered until multiple attempts were made by those IDs to access a restricted database. Ferguson commented,
“It is inexcusable for a company the size of eBay with the amount of data it holds to not encrypt all personal information held.”
Out of the 233 million registered accounts on eBay, 145 million are active users. All of them have been advised to change their passwords. eBay has been “aggressively investigating” the breach, but has not found any evidence that points to abuse of user information.
Image via eBay