CHRIS UHLMANN: Cyber criminals have hacked into online marketplace eBay and stolen the private information of millions of its customers.
The website is urging users to change their passwords but there's little it or customers can do to retrieve the names, emails, addresses, phone numbers and birth dates that were taken.
And the company is facing mounting criticism for its handling of the security breach, announcing it now despite knowing about the incident for weeks.
Will Ockenden reports.
VOICEOVER (Extract from eBay advertisement): There's a place especially for you.
WILL OCKENDEN: Internet retailing giant eBay likes to think of itself as the world's online marketplace.
VOICEOVER (Extract from eBay advertisement): With more than 30 million products, you can always find exactly what you want and make it yours. eBay …
WILL OCKENDEN: Hackers appear to have taken that literally. They've made eBay's database theirs, and obtained the usernames, passwords, phone numbers, addresses, birthdates and emails of more than a hundred million of its users.
GRAHAM CLULEY: They've been royally hacked a couple of months ago apparently. Pretty embarrassing.
WILL OCKENDEN: Graham Cluley is an internet security researcher.
GRAHAM CLULEY: How long has eBay known about this?
WILL OCKENDEN: eBay is an auction website which connects buyers with sellers. Last year its users bought and sold around $US205 billion worth of goods.
eBay isn't providing specifics on how many of its 145 million or so active accounts have been affected, saying only it's a "large number".
The company says financial information like credit cards wasn't stolen, but Graham Cluley says the large scale loss of personal data raises the likelihood of identity fraud.
GRAHAM CLULEY: These days hackers aren't just interested in credit card data. They're also interested in your personal information because they can actually exploit that to make money too.
WILL OCKENDEN: How?
GRAHAM CLULEY: By doing things like phishing attacks, by the fact that many people use the same password in multiple places. They could spam you, pretending to be eBay and maybe inside that email there could be a malicious link designed to infect your computer. And once they manage to infect your computer then they can really begin to turn that into money by handing it over to spammers for instance.
WILL OCKENDEN: eBay says the hack likely occurred in late February and that it became aware of it around two weeks ago.
The company has been widely criticised for its handling of the incident, with users saying a technology company should have better security policies and criticising the time taken to announce the breach.
eBay also appeared to play the whole thing down, burying the scale of the attack in the middle of its official statement.
GRAHAM CLULEY: A lot of people are rather upset that if you go to ESET's website right now, there is no warning there on the front page. You have to dig around in their press section to find out anything about this. And surely, eBay should be more proactive about warning its users.
WILL OCKENDEN: If a catastrophic data breach wasn't bad enough for eBay, the news of the incident also leaked from the company.
For hours last night a company blog displayed the headline "eBay Inc. to Ask all eBay users to change passwords". The blog post provided no more information, other than the words "placeholder text".
GRAHAM CLULEY: People are thinking, whoa, are they going to announce a leak, is this just a dress rehearsal they're doing for some crisis management? In fact, they've managed to leak news of it before they were ready. It's been pretty amateurish all round.
WILL OCKENDEN: eBay isn't speculating on who may be responsible for the hack and has assured users there has been no evidence of fraud so far.
But if history is anything to go by, there is likely to be a rise in attacks across the internet as users often use the same or similar passwords from website to website.
CHRIS UHLMANN: Will Ockenden reporting.