E-Commerce Time Machine: eBay’s Historic 2014 Data Breach

The figure of 13 million impacted by cyber incidents within a one month timeframe understandably raises eyebrows, yet collectively remains far from being any one of the most impactful data breaches suffered by companies through history. This is true, too, in e-commerce, as one of the industry’s longtime giants in marketplace eBay can personally attest to.

Now over eight years ago, in February/March 2014, the e-commerce mainstay suffered a severe data breach as a result of a cyber attack – resulting in a whopping 145 million users, the marketplace’s entire user base at this time, being impacted.

Encrypted passwords and personal details of customers including names, e-mail addresses, phone numbers and physical addresses were understood to have been exposed in the breach, resulting in eBay being forced to ask all 145 million of its users to change their passwords in a stunning turn of events.

eBay.com homepage on May 22, 2014 following the marketplace’s announcement of its data breach.

The marketplace quickly came under fire, as much for having been so exposed by the breach attempt as for delays in its response and communications with impacted customers. More than a month after the initial breach, eBay made its public declaration declaring the incident and requesting users reset their passwords.

The delay was less a PR tactic for eBay, however, more than it was a delay in recognising the breach had occurred. Despite the breach being believed to have occurred sometime in late February or March of 2014, eBay confirmed that they had only detected the compromised employee log-in credentials through which their user database was accessed roughly two weeks before their public statement on May 21 of that same year.

It could have been much worse, however, as the company confirmed its understanding that customers’ financial information had not been exposed in the incident.

eBay issues a statement to its corporate website on May 21, 2014.

That eBay’s statement announcing the incident had been posted first to its corporate website eBayinc.com also drew criticism given how much less likely it would be that impacted customers would see the statement via this much less-trafficked medium.

Only one day later did a declaration on the company’s behalf appear on its main website, though with the initial banner offering little information beyond the request to users that they change their passwords, leading many left to wonder at the exact details of what had occurred.

The incident is yet another handy lesson from which e-commerce retailers can learn, both in terms of the value of best protecting their digital infrastructures against potential harm but also in how to (or how not to) respond to an incident should one ever occur. And to their credit, eBay itself appeared to have learned a valuable lesson, with no known similar incidents having occurred via the marketplace despite the size of its user database having only grown exponentially in the more than eight years since its data breach of 2014.

Safety in e-commerce, much like success, is not guaranteed. It is instead something which businesses and entrepreneurs need to vigilantly aspire to achieve.

The e-commerce landscape is changing. With a Power Retail Switched On membership, you get access to current e-commerce revenue and forecasting, traffic levels, average conversion rate, payment preferences and more!