Global commerce and payments giant eBay has released an alarming memo that its servers have been breached and user data has been compromised, urging everyone who uses its services to change their passwords immediately.
The announcement hit the wires just minutes ago, with eBay noting that it will be asking users via email “to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data.”
Although the company has no evidence of the compromise causing unauthorized activity for customers, or any unauthorized access to credit card information, “which is stored separately in encrypted formats,” after conducting extensive tests on its networks the commerce giant decided that “changing passwords is a best practice and will help enhance security for eBay users.”
Users can go ahead and change their passwords now if they are aware of how the system works, or they can wait for the email from eBay to arrive with the necessary instructions. Our winning advice is to change that password ASAP.
eBay reveals in its press release that cyberattackers compromised a small number of employee log-in credentials between late February and early March. The breach resulted in unauthorized access to eBay's corporate network, but also “included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.”
“However, the database did not contain financial information or other confidential personal information,” eBay clarifies, and that it has seen “no indication of increased fraudulent account activity on eBay.”
Sister company PayPal also shows “no evidence of unauthorized access or compromises to personal or financial information for users [as] PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.”
Customers who know they are using the same password across various other payment services or networks that might compromise their security are advised to carry out the procedure across all these services.
“Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts,” eBay said.
Earlier today, eBay rushed out the headline “eBay Inc. To Ask eBay Users To Change Passwords” but failed to produce the actual text body included in this announcement. Now the news is official.