eBay has announced today that users of the popular service should change their passwords immediately due to a cyber attack that compromised a database containing encrypted passwords. A press release sent out by the company stresses that only non-financial data was affected.

Hastily investigating the matter, eBay found no evidence of any unauthorized access to financial or credit card information, but we strongly urge all readers to pop into their accounts and make the change regardless.

PayPal on-the-other-hand has not been affected in this case and there's reportedly no evidence of attacks on the separated networks. We would, however, recommend you change PayPal passwords too just to be on the safe side, especially if yours are memorable and/or weak.

Later today, eBay will fire out email reminders to its userbase and will publish alerts through social channels to have their passwords altered. Also, while we're on the subject, take this as a friendly reminder as to why it's not such a good idea to have the same password for every account you have.

Source: BusinessWire

Press Release

SAN JOSE, Calif.--(BUSINESS WIRE)--eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.

Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.

The database, which was compromised between late February and early March, included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today.

The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.

Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts.


Reader comments

eBay will ask you to change your password today after an attack


It seems like every other day we hear stories about this happening. No website is safe.

Posted via Android Central App

THANK YOU. I hope these comments don't get filled with morons insisting that eBay is crap now, and that they have some off shoot solution that actually sucks. I really dislike those people who judge these things. I LOVE TARGET. I still shop there. I will still sell on eBay.

Posted via Android Central App

Is this a Retaliation from the Chinese spies we arrested the other day?

China is pissed so they are making everyone on ebay buy more of their chinese crap on ebay.

Also doesn't ebay own Paypal, shouldn't everyone change their Paypal pw also?

Your welcome lol you are right people are quick to dismiss a store or website just because it got compromised. It is really stupid. People can be concerned and I understand that is a valid response. But its the people that see that headline and then say dumb things that annoy me.

Posted via Android Central App

Many companies don't and won't care about their customer's security and privacy until they're violated, and it's only the fear of loss of business that motivates them.
If the government fines them it's usually a trivial amount and they won't mend their ways.
If you forgive them too quickly then there's no incentive to fix things properly. Good security is expensive, and they'd rather not go to the trouble: it's a business decision weighing the costs vs the risks/penalty.
Therefore it's important to punish these companies by taking away our business so that they take security and privacy seriously.

there are some smart hackers, but there are a lot of dumb script kiddies too.

if you're in a crowd being chased by a hungry tiger, you don't have to be the fastest, just don't be one of the slowest.

you don't have to be the most secure site on the internet, you have to be sufficiently secure that the hackers won't bother.

The problem is, Google saves all of my passwords so I can't remember my current password to change it to a new one!

+1000 and if I use a different one for each account I won't remember any of them lol.. I do change them slightly tho but not anything drastic or fuggedaboutit..

Posted via Android Central App on The Nexus 5

Should we change it now or do we have to wait till we get email from eBay

Posted via Android Central App on nexus 7 (2nd gen)

I change my password already for eBay and PayPal right after I read the article.

Posted via Android Central App

I'm thinking do I need to change my PayPal password. Am sure if they thought it had even been a slim chance of a breach they would have told us to change it..

Posted via Android Central App on nexus 7 (2nd gen)

Did you link your PayPal account to your eBay account? Then yes, someone could add a delivery address, buy stuff to be shipped there?

Anybody got NSA's 1-800? I was gonna call and tell them I changed my passwords and save them some time.

Posted via Android Central App

Database was compromised end of February and we learn end of May! Change your password in August then, to be safe for Christmas

Posted via Android Central App

I never got an email from eBay uk? Guess it's America only, the land of cyber criminals, robbery, murder,rape, gays all that you could think of on the bright side the land of android,Google, apple, Microsoft, me like it.

Posted via Android Central App

Same here, I guess it must be just eBay US as I have yet to receive an email from them.

Posted via Android Central App on nexus 7 (2nd gen)

No email for me yet either but I changed my password for both eBay and PayPal earlier today. Never hurts to be safe.

from my LG G2 via the DeathStar