An eBay logo is projected onto white boxes in this illustration picture taken in Warsaw, January 21, 2014.
Credit: Reuters white RS/Kacper Pempel
(Reuters) – EBay Inc initially believed that customer data was safe as forensic investigators reviewed a network security breach discovered in early May, global marketplaces chief Devin Wenig said in an interview on Friday.
He declined to say when the company first realized customer data was involved or how many days it took them to prepare Wednesday’s public announcement about the massive breach in which hackers accessed data belonging to all 145 million eBay users.
“For a very long period of time we did not believe that there was any eBay customer data compromised,” Wenig said in the first comments by senior executives since the company disclosed the breach this week.
“When we found out that there was, we moved swiftly to disclose,” he added.
EBay has come under pressure from both customers and authorities over the massive hacking of customer data disclosed this week, as three U.S. states have begun investigating the e-commerce company’s security practices.
The Internet retail giant, which has mobilized its senior executives in a subsequent investigation of the attack, has no plans to compensate customers or offer free credit monitoring for now because it had detected no financial fraud, Wenig said.
Wenig said buying and selling activity on eBay remained normal, though eBay is still working out the cost of the breach, which includes hiring a number of security firms.
Wenig, who was previously a senior executive at Thomson Reuters Corp, declined to comment on whether the cost could be material to eBay.
On Wednesday, the e-commerce company announced that hackers raided its network between late February and early March. The company said financial information was not compromised and its payments unit PayPal was not affected.
The company advised customers to change their passwords immediately, saying they were among the pieces of data stolen by cyber criminals who carried out the attack three months ago.
When eBay first discovered the network breach in early May, the senior team was immediately involved and held multiple daily calls on the issue. Since the customer data breach was disclosed on Wednesday, some eBay staff have been working around the clock.
Wenig said hackers got in using employees’ credentials.
He said that “millions” of users have reset their passwords, but declined to elaborate. The company has begun pushing out emails and notifications to its users, but he said it would take “some time” to complete the task.
“You would imagine that anyone who has ever touched eBay is a large number,” he said. “So we’re going to send all of them an email, but sending that number all at once is not operationally possible, so we’re rolling through it.”
(Reporting by Jim Finkle; Editing by Lisa Shumaker and Andrew Hay)