(edit: s/Changed/Change/g)
Maybe I should turn this into a security blog. Seems I can’t go a week or three without a post about yet another major corporation getting hacked. This time it’s Ebay. Took them a couple of months to figure it out too.
What makes this one extra special is that it wasn’t through some SSL bug or other exploit. It was through compromised (week? social engineered?) employee passwords.
They got hacked back in March. and only discovered it a couple of weeks ago and announced it today.
Though no Credit card or bank info was in the compromised database, enough info on there for a good shot at identity theft was:
“The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.”
Ebay’s blog post about it at the link below.
http://www.ebayinc.com/in_the_news/story/ebay-inc-ask-ebay-users-change-passwords