After discovering that its systems had been breached sometime between late February and early March, eBay is notifying users that they should change their passwords. The breach has put personal data at risk but financial information was reportedly not compromised.
eBay said that e-mail addresses, physical addresses, birthdates, encrypted passwords, and phone numbers were all included in the database that the hackers accessed. The online marketplace is continuing to investigate the breach but some users are wondering why it took at least a few weeks for them to be notified about the compromised database.
No Sign Of Access
Even though the first sign of an attack appeared well over a month ago, eBay said that it is has yet to find any evidence of a hacker accessing user accounts with the information he collected. Since the passwords that were compromised were encrypted, taking advantage of them would not be easy and could be nearly impossible. Even so, eBay said that it is still urging users to change their passwords and will send e-mails about the breach sometime Wednesday.
A mysterious post on the PayPal blog Wednesday had originally signaled that there was an issue with eBay's security. That post, while lacking any body text, did suggest passwords needed to be changed but it took a few hours after that blog post was removed for eBay to issue a full statement. PayPal's blog may have been used to host the original warning but PayPal was not affected in any way by the security breach.
eBay stressed the separation of PayPal and its own marketplace services in an official statement late Wednesday morning. A follow-up post, "Frequently Asked Questions on eBay Password Change," provided additional information in response to some of the questions that have been raised in news stories about the cyberattack.
According to its most recent post, eBay does not know how many people were affected by the breach, so it is sending out password change requests to all 145 million active buyers. The company also thinks that is has shut down any illegal access to its services and it is in the process of implementing new security features that will prevent any future breaches.
A Simple Tip
eBay also used its press release to provide a simple tip to all its users. "If you used the same password for eBay and any other site, we encourage our customers to change their passwords for those sites, too. As a matter of good practice, the same password should never be used across multiple sites or accounts," according to eBay.