eBay Security Breach

User credentials from the popular auction site were leaked in a new security breach
May 21, 2014

Later today, eBay will be asking all of its 112 million users to change their passwords due to a new cyber-attack that compromised a database holding encrypted passwords and other non-financial data. After extensive investigation, eBay concluded that no unauthorized user account activity occurred after the breach, and that there was no access gained to credit card information users may have stored with eBay. 

The attackers gained access to the eBay corporate network by first compromising a small number of employee login credentials. eBay worked quickly with law enforcement and security experts to investigate the breach and protect customers' information. 

The breached database, which was accessed in late February and early March included eBay customers' names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth. The database did not contain financial information or any other personal information.

eBay also said there was no indication of unauthorized access to personal or confidential information for PayPal users.

Beginning later today, all eBay users will be notified via email, site communications, and other official marketing channels to change their password. 

You can read more about the breach from eBay's blog.

BBB has these tips to ensure the security of your personal information on the web:

  • Use strong passwords that contain a mix of upper and lowercase letters, numbers, and symbols.
  • Use passwords that are at least 8 characters long
  • Don't use the same password on multiple sites
  • Consider using a password storage service to keep track of your passwords, or keep a hard copy of them in a safe place
  • Never share your password with a untrusted source