American multinational e-commerce company eBay was slammed for its delayed action on the major security flaw that affected 128 million users over the past three months.
The biggest online marketplace issued a press release about the cyber attack only on Wednesday, even though the incident started between late February and early March.
According to an article from the Daily Mail, Keith Vaz, Chairman of the Commons home affairs select committee, stated: "We have urged companies to take much more seriously the threat of hacking. It is inexcusable that a company as important as eBay has failed to inform its customers immediately that this has occurred. We need a full explanation. We will be writing to them to ask how this happened and whether this problem has been resolved."
In a press statement, eBay said that the compromised information includes customers' names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. It also said that the log-in details of some employees were hacked, allowing attackers to illegally access eBay's corporate network.
The online auction site further said that there is no evidence that PayPal accounts were affected by the biggest internet raid of the century. The press statement also said that nobody had touched its users' money during all this time.
The company then asked its millions of users worldwide to change their passwords immediately. "Beginning today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it is also encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts," says the press statement.
Ironically, the revelation of the major hacking incident at eBay came just days after the site was named in a study conducted by Dashlane as one of the popular sites susceptible to internet threats.
According to Dashlane's second password security roundup, conducted after the Heartbleed bug, eBay obtained a security score of only +30, which is way below the +50 minimum score required for adequate password policies. The company was also cited for its unsafe practice of not locking a user's account after 10 incorrect password attempts, which gives hackers free rein to steal users' information.
Even though eBay users have already changed their passwords, the hackers have already taken hold of users' personal information. There is still a possibility that this data will be used for identity fraud following the major security flaw. As the iboss Network Security Chief Executive puts it: "eBay was the golden goose of 'hacking targets' due to the sheer amount of information which is held."