eBay Asks Consumers to Change Passwords, Alerts of Security Breach

May 21, 2014

eBay is encouraging its customers to change their passwords, after admitting it suffered a data breach between late February and early March. The breach compromised a database containing encrypted passwords and non-financial personal information. EBay states that there is no evidence of unauthorized access to credit card or financial information or of unauthorized activity for eBay users.  

eBay says cyber attackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network.

In a post on its website, the online giant says it has no knowledge of users’ financial information having been stolen or misused, despite the theft of names, addresses, phone numbers, telephone numbers and birth dates.  Unlike basic user information, financial information is encrypted.

The company says it discovered the breach two weeks ago and is working with law enforcement and security experts to investigate and protect consumers. While eBay has an estimated 145 million users, it did not disclose how many were affected by the breach.  eBay says there is no evidence that its subsidiary online payment system, PayPal, had been hacked.

Beginning May 21, 2014, eBay will notify consumers via email, their website and other marketing channels of the breach and urge them to change their eBay passwords along with other sites that use the same password.