(Updated with comment from eBay)
Earlier this week, when eBay revealed that it had been hacked, the company seemed to be trying to downplay the impact a bit. No financial information was stolen, it said, but maybe you should change your password anyway. You know, just to be safe. But, otherwise, there's nothing to worry about, right?
Wrong. There's a reason that headlines around the Web are calling the attack on eBay "historic" and "unprecedented." That is because it may have affected up to 145 million people, making it potentially one of the biggest breaches in Internet history.
And now the Attorney Generals of at least three states are giving the situation the very serious attention it deserves by launching a joint investigation to find out just exactly how this happened, according to a report from Reuters.
Those leading the investigations so far are Pam Bondi of Florida, Lisa Madigan of Illinois and George Jepsen of Connecticut.
"My office will be looking into the circumstances surrounding this breach as well as the steps eBay is taking to prevent any future incidents," Jepsen, whose state has 66,000 eBay customers, said in astatement on his website. "However, the most important step for consumers to take right now is to change their password and to choose a strong, unique password that is not easily guessed."
At the same time, New York Attorney General Eric Schneiderman is asking that eBay protect customers in his state by offering free credit monitoring for anyone who was affected by the security breach. So far, though, Schneiderman has not called for a full-scale investigation.
Of course, eBay is a global company, and so the probe will likely not end at our borders. A report from the BBC states that the UK's information commissioner is also itching to look into what happened as well, though he is already running into problems due data protection laws.
"There's millions of UK citizens affected by this, and we've been clear that we're monitoring it, but by taking the wrong action under the law now we risk invalidating any investigation," an ICO spokesman told the BBC.
For its part, eBay says that it will be cooperating in these investigations.
"We have relationships with and proactively contacted a number of state, federal, and international regulators and law enforcement agencies. We are fully cooperating with them on all aspects of this incident," eBay spokesperson Amanda Miller told VatorNews.
Twitter, Facebook, Zendesk, Apple, Microsoft, Evernote, Snapchat, Skype and Bitly have all recently been victims as well, so eBay is hardly the first big company to be hit. Many of those companies are either smaller than eBay, or were able to nip their breaches in the bud before any information could be accessed.
The successful hacking of company of eBay's size, and the number of potential victims, is what is making this one different.
It was revealed on Wednesday that eBay's database had been hacked back in between late February and early March, though the company said that it only became aware of the incident two weeks ago.
The company also noted there was "no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats," nor any unauthorized access to any personal or financial information for PayPal users.
Still, the hackers were able to gain access to some very important information. Using what eBay called a "small number of employee log-in credentials," the hackers were able to see the name, encrypted password, email address, physical address, phone number and date of birth of eBay customers.
The company urged its users to change their passwords, and said it would sending out e-mails prompting them to do so, though I have to say that I have not received one of those yet.
(Image source: mashable.com)