eBay Australia is advising all of its customers to change their password following confirmation by its United States parent company that cyber criminals accessed a database that contained eBay customer details including encrypted passwords.
eBay US has stated that the attackers compromised a "small number of employee log-in credentials" in the United States between late February and early March 2014 to gain access to its database.
It has released a blog of frequently asked question about the attack.
“We believe we have shut down unauthorised access to our site and have put additional measures in place to enhance our security. We have seen no spike in fraudulent activity on the site,” read the blog posting.
However, eBay US would not “speculate on who is responsible [for the attack] at this time”.
An eBay Australia and New Zealand spokesperson told Computerworld Australia that the issue is “not confined to the US" but it is still “asking all users to change their password”.
The spokesperson confirmed that Australian Privacy Commissioner Timothy Pilgrim has been notified about the data breach.Read more: Snapshots: PCEHR funding / goodbye TUSMA / Office of the Privacy Commissioner established
“Law enforcement and security experts are aggressively investigating the matter globally,” added the spokesperson.
In a statement, Pilgrim said the Office of the Australian Information Commissioner (OAIC) received a voluntary data breach notification from eBay Inc. today.
“We are currently conducting enquiries into the data breach to determine whether the OAIC will need to open an investigation," he said.
Follow Hamish Barwick on Twitter: @HamishBarwick
- Privacy commissioner scrutinises mobile apps
- Series of errors led to Department of Immigration data breach: KPMG
- How to avoid a Privacy Act breach