Customers of eBay warned other accounts now at risk
Published 24/05/2014 | 02:30
IRISH eBay shoppers have been warned to change their hacked passwords or face identity theft and other internet accounts being hacked.
Security experts say that only a minority of eBay users will heed the company's advice to immediately change passwords after 145 million registered eBay shoppers, including an estimated 100,000 registered Irish eBay users, had their personal details accessed by hackers.
But those who don't change their passwords are risking the security of their accounts, say industry experts.
"The worst that could happen is that people use those credentials on other systems," said Conor Flynn, an IT security expert with ISAS. "The reality is that many people use the same password across multiple accounts."
According to eBay, hackers accessed a key database with its customers' names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. The company said that financial information was not accessed.
"Typically, details of such hacked databases are sold on certain online destinations," said Mr Flynn. "The more information the hacker has, the more valuable it is.
"Ten thousand valid email addresses might sell for $100 (€73), but if you add a date of birth and a mother's maiden name, the price starts to go up. Identity theft is becoming more targeted."
eBay said that the cyber crime was first detected about two weeks ago.
Mr Flynn said that more web services should move toward so-called "two-factor" authentication, mirroring banks and financial institutions.
"We don't know how well eBay's systems are encrypted," he said. "But it's quite easy to get cracking systems. If you haven't changed your eBay password by now, you really should."