On the heels of a massive cyberattack that affected its 145 million users, eBay is reportedly facing a formal investigation with the government over its security practices.
As first reported by CNET, eBay will have to answer questions from the government about what type of security the company had in place before hackers accessed the personal data of its users.
Earlier this week, eBay urged users to update their passwords immediately. The breach, which was confirmed by investigators this week, happened in late February and early March; eBay discovered it in early May. It seems hackers used an internal eBay corporate account to spy on usernames, email addresses, physical addresses, phone numbers and dates of birth. The hackers were able to access passwords, but they were in encrypted form, so it’s unlikely they were compromised.
“The magnitude of the reported eBay data breach could be of historic proportions, and my office is part of a group of other attorneys general in the country investigating the matter,” Florida Attorney General Pam Bondi said in a statement. “We must do everything in our power to protect consumers’ personal information.”
eBay representatives told Mashable the company it didn’t know how many of the 145 million accounts were seen by the intruders, and that it would have no further update on the matter. The company repeatedly stressed that no financial information was taken and that the cyberattackers found their way in through employee login information alone.
The company has not yet responded to a request for comment about the investigation.