eBay hack: why did it take so long to tell customers?
eBay is coming under pressure to explain why it took three weeks to inform the public of a massive hack that saw 145 million customer records stolen.
eBay only yesterday began advising customers to change their passwords, even though it was aware of an attack on its systems at the beginning of May.
There is no evidence of impact on any eBay customers
The hack gave thieves access to customer data such as email addresses, birth dates, mailing addresses and encrypted passwords.
Although there’s now a prominent request for users to change their passwords at the top of the eBay homepage, many customers are complaining on Twitter that they’ve yet to receive an email notifying them of the attack.
The attack itself was carried out in late February and early March, meaning hackers have potentially had three months to use the stolen data.
In a statement sent to Reuters, eBay spokesperson Amanda Miller said the company had “worked aggressively and as quickly as possible to ensure accurate and thorough disclosure of the nature and extent of the compromise.”
Miller also insisted that “there is no evidence of impact on any eBay customers,” and that “we don’t know that they [the hackers] decrypted the passwords because it would not be easy to do.”
eBay UK was unavailable for comment at the time of publication.
eBay’s payment arm, PayPal, claims it wasn’t affected by the attack.