EBay has a simple message for customers after 145 million user records were accessed in a cyberattack that has been called one of the biggest in history: change your passwords.
The company published a statement on its website saying it will ask eBay users via email, site communications, and other marketing channels to change their passwords. It explained that the cyberattack compromised a database containing encrypted passwords and other non-financial data. The online auction site added that there is no evidence of the hack resulting in unauthorized activity by users or any unauthorized access to financial or credit card information, which is stored separately in encrypted formats.
This breach follows Target’s holiday-season data compromise that potentially left tens of millions of customers exposed, as well as the Adobe Systems breach in October, which holds the title for biggest hack of all time with 152 million user accounts compromised.
EBay apologized to users, stating, "Information security and customer data protection are of paramount importance to eBay, and eBay regrets any inconvenience or concern that this password reset may cause our customers."
"We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure, and trusted global marketplace," it added, in the statement.
However, the apology may be too little, too late. Various media outlets are blasting the company for not telling its users more quickly about the hack, which eBay said in the release took place in late February or early March. However, on an FAQ page eBay set up about the crisis, it said it only discovered the unauthorized access in May and it immediately began working with security experts and law enforcement to "aggressively investigate" the issue.
It added on the FAQ page that it delayed disclosure about the data compromise because it "has a responsibility to fully understand the facts, which required a full investigation."
The company has brought on FireEye’s Mandiant forensics division to aid with the investigation.
"Our customers are our highest priority; and to ensure they continue to have a safe, secure, and trusted experience on eBay, we will be asking all eBay users to change their passwords," eBay corporate comms specialist Kari Ramirez wrote in an email to PRWeek on Wednesday.
She declined to comment on the company’s communications strategy on the matter.
Edelman EVP and global client relationship manager Jim O’Leary said eBay is a client, but would not confirm if the agency is specifically helping it with comms related to the breach.