eBay Hacked Two Months Ago – Change Password, But Not Yet

Hackers got into eBay two months ago and stole a database full of user information, the online auction site announced Wednesday. The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. eBay hasn’t said how many of its 148 million active accounts were affected, but that they had quite a bit of your personal information and it could have been taken. eBay said that the compromised database did not contain financial information or other confidential personal information.

“eBay Inc. said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.”

The cyber attackers managed to get their hands on “a small number” of eBay employee log-in credentials and used them to get onto the corporate network. eBay has not stated if they have implemented new rules and regulations for employees not keeping their log-in credentials confidential.

Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. eBay’s subsidiary, PayPal, said it was untouched by the data breach as their data is kept on an entirely separate network.