Last week eBay announced that it was hit by a massive cyberattack which left its database compromised. Hackers are believed to have accessed personal information of all 145 million-plus users. A senior company executive tells a news outlet that the breach was discovered in early May and at first eBay believed that customers’ data had not been compromised as forensic investigators reviewed the attack.
The company has been criticized for its handling of the entire debacle, but eBay’s global marketplaces chief Devin Wenig tells Reuters that “for a very long period of time” eBay didn’t believe any customer data was accessed by the hackers. He added that the company moved “swiftly to disclose” the attack once it was certain that data was involved.
While the senior executive didn’t reveal when exactly did the company came to know what had happened, he did explain that the hackers made their way in by using credentials of three corporate employees and then wormed up to the user database.
Compromised data includes email addresses, names, addresses, birth dates and encrypted passwords. eBay urged its users in the announcement to change their passwords as soon as possible, halting activity on accounts that weren’t updated with a new password.
The attorney general of New York has called on eBay to provide free credit monitoring services to users, where three U.S. states are now looking into the company’s security practices. Though Wenig says that eBay doesn’t have any plans to compensate customers or provide them with free credit monitoring for now, sticking with the previous statement that no financial information was compromised.