U.S. states probe eBay cyber attack as customers complain

BOSTON/NEW YORK Fri May 23, 2014 2:55am IST

The results of a Google image search on Ebay are shown on a monitor in this photo illustration in Encinitas, California, April 16, 2013. REUTERS/Mike Blake /Files

The results of a Google image search on Ebay are shown on a monitor in this photo illustration in Encinitas, California, April 16, 2013.

Credit: Reuters/Mike Blake /Files

Related Topics

Stocks

   

BOSTON/NEW YORK (Reuters) - EBay Inc (EBAY.O) came under pressure on Thursday over a massive hacking of customer data as three U.S. states began investigating the e-commerce company's security practices.

Connecticut, Florida and Illinois said they are jointly investigating the matter. New York Attorney General Eric Schneiderman requested eBay provide free credit monitoring for everyone affected.

Details about what happened are still unclear because eBay has provided few details about the attack. It is also unclear what legal authority states have over eBay's handling of the matter.

The states' quick move shows that authorities are serious about holding companies accountable for securing data following high-profile breaches at other companies, including retailers Target Corp (TGT.N), Neiman Marcus and Michaels and credit monitoring bureau Experian Plc (EXPN.L).

Congress and the Federal Trade Commission are investigating the Target breach, which resulted in the firing of the company's chief executive and its chief information officer.

"There is definitely a climate shift," said Jamie Court, president of the advocacy group Consumer Watchdog. "The departure of the Target CEO over the problem signals inside the board room and in the halls of government that these are betrayals of customers and that they won't be tolerated."

EBay shares fell 0.7 on Nasdaq, compared with a 0.6 increase in the Nasdaq Composite Index.

The investigation by the states will focus on eBay's measures for securing data, circumstances that led to the breach and the company's response, said Jaclyn Falkowski, a spokeswoman for Connecticut Attorney General George Jepsen.

EBay spokeswoman Amanda Miller declined to comment on the states' actions, but said the company was working with authorities around the globe.

"We have relationships with and proactively contacted a number of state, federal and international regulators and law enforcement agencies," she said. "We are fully cooperating with them on all aspects of this incident."

COMPLAINTS

Some customers complained on eBay Community forums that they had not received much information about the breach from eBay and have yet to get notifications by email, which the company has promised to do.

"This is all over the news - Nothing from EBay," sfbay111 said in one post on an eBay forum.

Several security experts said the best practices would be to have a message pop up when users log in, telling them about the breach and forcing password changes.

As of Thursday afternoon, eBay did not have information on the attack visible on its market home page, www.ebay.com.

"That's really poor incident response," said David Kennedy, a cyber forensics expert who is CEO of TrustedSEC LLC. "EBay should be held to a higher standard."

Kathryn Higa, a Honolulu-based entrepreneur and longtime eBay user, said she was "disappointed" with eBay's response to the breach.

She would like the company to post notices on its marketplace, www.ebay.com. They are currently on its corporate site, www.ebayinc.com.

"They have not exercised all the vehicles available to them to protect their customers," she told Reuters via telephone.

The company addressed delays in notification in a Tweet on Thursday afternoon: "Just to let everyone know, it will take some time for every eBay user to get our reset email. You can still go to eBay to change password."

INVESTIGATION

A spokesman for the FBI's San Francisco office said multiple agents were working on the case, but declined to comment on the likelihood of apprehending the culprits.

Even though the criminals have yet to surface, that has not prevented others from trying to profit from their work.

Someone posted a batch of emails, scrambled passwords, phone numbers and addresses of more than 12,000 people on the Internet, saying it was a sample of data stolen from eBay and offering to sell the full batch for 1.453 bitcoin, or a little more than $750.

EBay's Miller said the information was not authentic.

Reuters spoke to six people whose phone numbers were included in that batch. While only four said they had eBay accounts, all of them said the data was correct, which suggests they may have been victims of another data breach.

(Additional reporting by Mark Hosenball in Washington, Soham Chatterjee, Supantha Mukherjee and Subrat Patnaik in Bangalore, Joseph Menn in San Francisco; Editing by Dan Grebler)

FILED UNDER:
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared

Wipro Results

People walk in the Wipro campus in Bangalore June 23, 2009. REUTERS/Punit Paranjpe/Files

Wipro sees rosier end to year as U.S. clients spend

India's third-biggest software services firm Wipro Ltd , under pressure to improve lacklustre sales growth, said it saw a rosier end to the year as more confident U.S. clients increase spending.  Full Article 

Reuters Showcase

New Email Service

New Email Service

Google launches new email service dubbed "Inbox".  Full Article 

Cyber Attack

Cyber Attack

China-backed hackers may have infiltrated Apple's iCloud - blog.  Full Article 

User Data Security

User Data Security

Apple CEO discusses security with top Chinese official amid hacking claims - Xinhua.  Full Article 

Patent Wars

Patent Wars

Big Tech winning battle with 'patent trolls'.  Full Article 

Record Season

Record Season

FedEx expects record peak volume of 22.6 million packages on Dec. 15.  Full Article 

Yahoo Earnings

Yahoo Earnings

Yahoo ekes out Q3 revenue gain despite display ad weakness.  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage