EBay Asks All Users to Change Password

May 21, 2014

The BBB Serving Central SC and Charleston is alerting consumers that E-commerce site eBay is asking users to change their password after a cyber-attack compromised a database containing encrypted passwords.

The company says there is no evidence of any unauthorized activity and there is no evidence any financial or credit card information was stolen.

EBay says its investigation is active and it can't comment on the specific number of accounts affected, but says the number could be large.

Cyber attackers stole a small number of employee log-in credentials that gave them access to eBay's corporate network. The San Jose, California-based company is working with law enforcement to investigate the attack.

The database was hacked sometime between late February and early March.

EBay owns electronic payment service PayPal, but eBay says there is no evidence PayPal information was hacked.

The BBB offers some password strategy tips:

•Base the password on a mnemonic, such as an easily remembered phrase. Take the first letter of each word in the phrase and add a few characters. Example: “Seek first to understand” would look like sftu8@.

•Let applications like Hitachi ID Password Manager select a safe password for you.

•Choose a password when your mind is clear, and you are not rushed to create the new password. Then use the password often.

•Use six characters or more.

•Mix upper and lower case letters. Don’t use personal information or dictionary words. Hackers use software to enter random dictionary words to help them determine your password.   It works!

•Avoid substitutions such as replacing l or i with the digit 1. The hackers’ software will figure that out immediately.