What exactly happened to the IT infrastructure of eBay which, since 2002, has also controlled the online payment company”PayPal” and which, presumably, has several IT platforms in common with it? A simple intrusion via log-in. In other words, anyone who has entered the EBay corporate network has managed to obtain, in a more or less legal way, a limited number of user names and passwords of employee accounts of eBay.
The violation allegedly took place between the end of February and the beginning of March, but the picture of the situation was completed only two weeks ago. The alert was forwarded today by eBay to all users through a automatic message visible when accessing the personal area of the site, only to then opt for one confidential communication only to users most at risk.
But why does the hacking of corporate accounts also affect users? Simply because the former acquire the data of the latter to be able to deal with customer practices: assistance during the sale of objects auctioned or exchanged online, verification of the data provided, complaint management and so on. But Ebay has already specified that it is only about non-financial data such as customers' names, emails, addresses, phone numbers and dates of birth. Furthermore there was no evidence of unauthorized activity or fraudulent, just as there have been no suspicious accesses to user credit card information on either eBay or PayPal.
Regardless of what happened, the periodic change of passwords of access to whatever site it is good practice for the purpose of greater security. Unfortunately, this practice is detested and by no means widespread, but for this very reason it remains one of the main systems used by cyber criminals to obtain information on victims and send targeted attacks. Knowing that a user uses a particular online payment service is useful, for example, for sending email in phishing like: "Your Bank has reset the password for accessing your account, enter the old password here to generate a new one"…..
