EBay told the BBC that it was not aware of any technical problems with the password reset function on the site.
“The site is busy, but our secure password reset tool is working, we are sending out millions of emails, and it will take some time. The process is certainly well under way,” e-bay told the BBC.
Meanwhile the fallout from the data breach was beginning to kick in.
In the US, Connecticut, Florida and Illinois said they were conducting a joint investigation.
Speaking on BBC Radio 5 live, the UK’s information commissioner said that the eBay breach was “very serious” but that outdated and complex data protection laws meant the ICO could not begin an immediate investigation.
An information commissioner’s spokesman said:-
“There’s millions of UK citizens affected by this, and we’ve been clear that we’re monitoring it, but by taking the wrong action under the law now we risk invalidating any investigation,”.
Some would say it is far to slow a response and is typical of the paper tiger that is the ICO. Just what does one have to do to get in to trouble with the Information Commissioner?
Is this much data wholly necessary?
Hugh Boyes from the Institution of Engineering and Technology questioned this “The Information Commissioner makes the point that organisations should keep the minimum information necessary so why do eBay need to hold and store dates of birth and addresses? As an occasional eBay user, I am concerned that not only have they lost my email, username and password, but according to their website the loss includes home address, phone number and date of birth. This is serious from an identity theft perspective. The only item they are missing is the mother’s maiden name and they have sufficient information to impersonate an individual when dealing with many financial organisations.”