Later today, eBay will be asking all of its 112 million users to change their passwords due to a new cyber-attack that compromised a database holding encrypted passwords and other non-financial data. After extensive investigation, eBay concluded that no unauthorized user account activity occurred after the breach, and that there was no access gained to credit card information users may have stored with eBay.
The attackers gained access to the eBay corporate network by first compromising a small number of employee login credentials. eBay worked quickly with law enforcement and security experts to investigate the breach and protect customers' information.
The breached database, which was accessed in late February and early March included eBay customers' names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth. The database did not contain financial information or any other personal information.
eBay also said there was no indication of unauthorized access to personal or confidential information for PayPal users.
Beginning later today, all eBay users will be notified via email, site communications, and other official marketing channels to change their password.
You can read more about the breach from eBay's blog.
BBB has these tips to ensure the security of your personal information on the web: