Skip to main content

eBay urges all users to change passwords after cyberattack

eBay wants all users to change passwords after confirming that an erroneously released message was in fact true and that the site has fallen prey to hackers.

Related: Kickstarter hacked: password changes advised after massive customer data leak

The cyberattack, which affects encrypted passwords and various other pieces of confidential but non-financial information, took place over the past couple of months and it came after a message confirming the attack was released earlier than planned.

The message, which was originally posted on the PayPal press and community web pages, didn’t explain the nature of the problem and the message headline simply read “eBay Inc. To Ask All eBay Users To Change Passwords". That was the end of the content in the message with the remainder taken up by the words “place holder text”.

It wasn’t until the following morning that eBay issued an official press advisory that confirmed the earlier message was not a hoax and user accounts have been compromised.

“After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users,” stated a blog post by the company.

eBay went on to the explain that the breach took place between late February and early March, and includes eBay customer names, encrypted passwords, email addresses, physical addresses, phone numbers and date of births.

It confirmed that no fraudulent account activity has yet been witnessed on eBay following the breach and that PayPal haven’t fallen victim to the same attack as all of the payment service’s data is stored on a separate secure network.

Related: Heartbleed and your passwords: An in-depth guide to what action you should take

It’s the second time in a matter of months that eBay or PayPal have been attacked after the Syrian Electronic Army [SEA] claimed responsibility for a popup message that customers were greeted with when visiting the site that criticised the company for not accepting payments from Syrian citizens.