eBay Cyber Attack steals passwords
eBay has urged users to change their passwords after personal data from up to 233 million accounts was compromised by hackers - but is it too late?Reuters

The cyberattack on eBay which saw the personal details from up to 233 million accounts compromised by hackers has forced the online auction site to advise users to change their passwords.

A statement issued by eBay warned that customers' names, passwords, email addresses, physical addresses, phone numbers and dates of birth were all at risk from the breach, though claimed no financial data had been accessed.

The US firm said that one of its databases was hacked between late February and early March of this year, however it went unnoticed until two weeks ago.

This suggests that any personal data may already have been stolen, and that any action taken by users is now too late.

'Listen to eBay'

Despite any action by users being potentially futile, security analysts have followed eBay in urging all users to change their passwords when instructed, stressing the importance of using a unique password for every site they use.

Chris Boyd, a malware intelligence analyst at Malwarebytes, said: "It's important that people listen to eBay and, when notified by email, change their password, as well as updating any other site which uses the same login credentials."

Others have gone even further in saying that eBay should not just ask but force customers to change their passwords.

"It is good practice to ask for a password reset," said Dwayne Melancon, chief technology officer of security firm Tripwire. "[However] users should probably be required to reset - not just asked."

Inherent flaws in data storage system

Such a massive data breach is the latest in a series of high profile cyberattacks, and calls into question the methods utilised by major companies to store users' data.

Brian Spector, CEO of security firm CertiVox, claims that the underlying issue is that the username and password system is old technology and no longer up to the demands of securing information.

"This incident is just the latest in a long line of attacks that highlight the need for the wider technology industry to take another look at the methods that they employ to secure services and data," Spector said.

"The way that consumers operate online – often using the same password for multiple accounts – means that the risks posed by data losses can be extremely wide-ranging."