With a attack on the auction site eBay attackers gained access to the data of a total of 145 million users, a big part of the information was copied. With the attack a large amount of encrypted passwords were stolen.
According to eBay , it is not easy to decrypt the encrypted passwords, yet users were advised to change their password.
On the auction site some experts believe that the risk to users is bigger than eBay does occur. Michael Coates of Shape Security states that there is a high risk that the attackers do crack the stolen encrypted passwords. Namely business users would usually only apply for a change if there is a reasonable chance that the attackers encrypted passwords can retrieve their passwords. However, there are no indications that the data has actually been misused , according to eBay.
The attack, which was possible due to stolen credentials of employees. Took place in late February and early March, but was discovered in early May. Security experts and police were immediately alerted. The time between the discovery and disclosure would have been to determine the extent of the data theft. On the basis of the number of stolen data this is the second largest successful attack at an American company.