eBay will ask you to change your password today after an attack

eBay has announced today that users of the popular service should change their passwords immediately due to a cyber attack that compromised a database containing encrypted passwords. A press release sent out by the company stresses that only non-financial data was affected.

Hastily investigating the matter, eBay found no evidence of any unauthorized access to financial or credit card information, but we strongly urge all readers to pop into their accounts and make the change regardless.

PayPal on-the-other-hand has not been affected in this case and there's reportedly no evidence of attacks on the separated networks. We would, however, recommend you change PayPal passwords too just to be on the safe side, especially if yours are memorable and/or weak.

Later today, eBay will fire out email reminders to its userbase and will publish alerts through social channels to have their passwords altered. Also, while we're on the subject, take this as a friendly reminder as to why it's not such a good idea to have the same password for every account you have.

Source: BusinessWire

Press Release

SAN JOSE, Calif.--(BUSINESS WIRE)--eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.

Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.

The database, which was compromised between late February and early March, included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today.

The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.

Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts.

Rich Edmonds
Senior Editor, PC Build

Rich Edmonds was formerly a Senior Editor of PC hardware at Windows Central, covering everything related to PC components and NAS. He's been involved in technology for more than a decade and knows a thing or two about the magic inside a PC chassis. You can follow him on Twitter at @RichEdmonds.

  • Hmmm...
  • Bummer. My ebay account is so old that I have a password that i used before i had my password database
  • I don't use eBay :V
  • Didn't use it enough and closed mine almost 6 months ago... Hope that the attackers didn't get anything useful
  • Well they will not have deleted your data there I guess.
  • I am getting tired of all these compromises....
  • That's the life of online and hackers.
  • Sad but true
  • Has wpcentral released an article on the best password apps we have available? I think I'm going to finally download one. Any recommendations on password apps?
  • Sky Wallet is pretty good. I was using it until Enpass came out. You have the ability to backup and restore via Onedrive on both clients, but Enpass gives you way more features. Features like a tone of export and import file types. The killer feature is the desktop client. You can use the desktop client to input all the services passwords then sync them to your phone later. It's more then Sky Wallet but it's worth it. http://www.windowsphone.com/s?appid=5da0e1bb-e3b4-42ad-bd18-1fcae34e9b10
  • KeePass for the PC and 7Pass Free for WP. Store the Database on Onedrive.
  • So, what will the hackers do with my password? Shop more??
  • After what happened with Target, don't be naive
  • access your ebay account and see your credit card information for example
  • Exactly the breach allows access to you information and in some cases could leave an open door to people PayPal or Bill Me Later accounts. This could be alot worse if hackers are diligent.
  • My first move would be to try that email and password on PayPal, and then on every other financial website
  • Its not the financial info that's the problem, its that they have your personal details so you can be cloned
  • Do they take pay pal
  • read
  • that was a joke if hackers take pay pal?......got it?
  • The ebay app doesn't prompt, so make sure you do it from a browser if concerned.
  • FFS.
  • I have not had a prompt is this just in the us?
  • No resets in Canada yet.
  • So I just changed my password through the website, opened my windows phone app to reenter it, but it still worked - anyone else notice the same? If they are storing tokens without resetting them when passwords change, someone who stole a password can have a fully functional app still connected.
  • Ha, I called them yesterday about someone posting a listing on my account