It has become a common practice among cyber criminals to target big corporations and e-retail companies. Recently Target Corporation was targeted by cyber criminals and as a result of that Target Corporation faced litigation threats around the world. The corporate compliances in India and e-commerce regulatory requirements have become very stringent.
The cyber breaches in India would raise serious cyber law issues for corporations and e-commerce business houses operating in India. E-commerce stakeholders must adhere to e-commerce due diligence and cyber law due diligence (PDF) requirements prescribed by Information Technology Act, 2000 (IT Act 2000) and other laws of India to stay on the right side of Indian laws.
As per media report, auction site eBay is asking all users to change their passwords following a “cyber attack” that compromised a database containing account information. The company has claimed that no financial data was accessed and that credit card information is stored separately in an encrypted format. “Our customers are our highest priority; and to ensure they continue to have a safe, secure and trusted experience on eBay, we will be asking all eBay users to change their passwords,” the company told the Telegraph this afternoon.
The blog post of eBay says that it will be asking eBay users to change their passwords because of a cyber attack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.
As per eBay the cyber attackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.
The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today.
The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.
Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts.