Internet Security

eBay Urges Users to Change Their Passwords After Cyberattack

Mark O'Neill 22-05-2014

If you are an eBay user, then change your passwords immediately. That is the message coming from eBay headquarters, who are facing the embarrassment of having a database hacked and users’ encrypted passwords stolen.



Since the passwords were encrypted, it means you are not likely to see any unauthorized activity on your account – at least not yet. So it would be a good policy to pre-empt any encryption cracking and change your password now. eBay is claiming that Paypal is not affected but it wouldn’t hurt to change your password there as well, for peace of mind at the very least.

The company is also claiming that financial information was not affected. But the breached database did apparently have financial information, as well as passwords, email addresses, physical addresses, phone numbers and dates of birth. Information such as an address and date of birth could be used to impersonate someone. The only piece of good luck – if you can call it that – is that social security numbers were not allegedly in the database.

According to the Wall Street Journal, the attack happened late February to early March, but was only detected two weeks ago. Somehow the hackers got hold of some employee login credentials to the corporate network at eBay and went from there. With 145 million members, the databases at eBay are rich pickings for criminals eager to get their hands on financial information, such as credit card numbers.

There is no evidence that financial data was compromised and there is no evidence that PayPal or our customers have been affected by the unauthorized access to eBay systems. We are working with law enforcement and leading security experts to aggressively investigate the matter. — eBay

The attack at eBay follows similar attacks at as well as Target Target Confirms Up To 40 Million US Customers Credit Cards Potentially Hacked Target has just confirmed that a hack could have compromised the credit card information for up to 40 million customers that have shopped in its US stores between November 27th and December 15th of 2013. Read More , not to mention the recent Heartbleed vulnerability Heartbleed – What Can You Do To Stay Safe? Read More .


So before you do anything else today, go to eBay and Paypal, and change those passwords. Even if you use a different eBay site to the US site, still change them. Cyberattacks know no borders.

Source: eBay Blog via Wall Street Journal

Related topics: eBay, Online Security.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Allie
    May 27, 2014 at 2:43 pm

    or mention of it when I signed in to check...hmmm

  2. Allie
    May 27, 2014 at 2:41 pm

    I'm only getting e-mail from vendors I've bought from regarding sales....nothing from e-bay yet...

  3. Allie
    May 24, 2014 at 6:00 pm

    I was NEVER notified by E-Bay. Heard it om the news. What a rotten way to do business. I'm done.

    • Mark O'Neill
      May 25, 2014 at 9:08 am

      I received an email from them this morning - from the eBay President urging me to change my password. Did you not get this email?

    • dragonmouth
      May 26, 2014 at 12:39 pm

      No, I did not get this email, or any other for that matter. I guss this email went out only to bloggers, pundits, tech writers and anybody else who can help eBay try to polish its image.

      I've been an eBay member for over 10 years, both buying and selling. I guess, as far as eBay is concerned, my transaction volume is too low to warrant an email about my data being compromised.

  4. Lester F.
    May 22, 2014 at 6:18 pm

    I am thrilled to read this headline! This is but a tiny smidgen of the justice that has been denied to Ebay and PayPal's millions of victims over the years.

    The ONLY reason the Federal Trade Commission has always and continues to look the other way while the Whitman twins grow, expand and perfect the largest and most effective organized crime gang in American history - one that makes the Bonano family, the Cryps, Bloods and even Mara Salvatrucha 13 (MS-13) look like a bunch of amateurs with pellet guns in terms of the magnitude of their crimes - is the FEC maximum allowable political contributions issued by Whitman and countless employees using her money to every single incumbent Congressman, Senator and challenger to each of the 535 federally elected officials plus the President and anyone with a legitimate shot at replacing him.

    For more than a decade, Ebay and PayPal have teamed up to systematically defraud small business that lack the resources to fight them, all while cultivating an online marketplace in which a substantial percentage of consumers expect merchants to accept PayPal as a form of payment, putting merchants in the difficult position of having to decide whether to accept those transactions and leave themselves susceptible to PayPal's racketeering scheme and the chargeback fraud scheme the company has successfully recruited hundreds of thousands of petty crooks with no formal ties to the gang aside from an account to do their bidding, rewarding both the petty crooks and themselves when a criminal makes a purchase, receives the item purchased, claims it either wasn't received or that somehow the product was "not as described" despite being shipped in its original, unopened packaging, described only by the manufacturer's stock product description and specifications.

    The petty thieves get to have their cake and eat it too. Anyone who has ever accepted PayPal as a method-of-payment and actually sold anything knows that about 20% of the buyers who use PayPal initiate chargebacks for every transaction. They do this because they always win, regardless of whether their allegations are truthful, can be proven false using tracking information, etc.

    PayPal, the judge, jury and executioner for these disputes, built a conflict-of-interest into the system by awarding itself a $20 bonus every time it arbitrates a chargeback decided in favor of the buyer. Naturally, 100% of these chargebacks are decided in favor of the buyer. Since this has been going on for over a decade, and since PayPal is very careful never to steal more than the $10,000 or whatever the minimum amount required in a given year to qualify for an FTC investigation of a formal complaint from any one single merchant (they stole just short of that amount from a company I once owned for two consecutive years before we stopped accepting the payment method), PayPal has literally stolen somewhere in the neighborhood of a billion dollars from myriad small businesses with total impunity. They get away with it because Whitman's money bought a set of regulations which allow the company to steal and to encourage buyers to do likewise so long as PayPal continues to get its cut.

    The businesses are selectively targeted. The smaller the company the more likely PayPal is to target it in its relentless fraud campaign. The reason for this is that by targeting companies whose ability to combat and/or contest the heists is restricted to the company's ability and willingness to spend tens of thousands of dollars publicizing a series of thefts that amount to less than the cost of the publicity itself, the victims have essentially no voice aside from each firm's limited list of customer contacts. Advertising dollars from Ebay provide incentive for major media outlets and online news providers (like Yahoo and Google) from acknowledging the practice, so reports of the crime are never disseminated in a mainstream media publication in any medium.

    There exists today a sizable group of the collaborative petty fraudsters who get whatever they want free because they know the deal and how the system works and understand that they can buy anything and receive a full reimbursement within a month or two of receiving the goods.

    PayPal also knows all too well that their crimes eventually contribute to most of these mom-and-pop online retail operations failing and going out of business. They also know that market forces will lure in new and unsuspecting merchants to fill the void left by the companies literally looted to death.

    Sadly, as long as the whistleblowers are silenced (I don't have $200 to put into a PRWeb release that will almost certainly be removed with no refund issued within hours if not minutes of its publication), and as long as the regulatory bodies charged with protecting the victims of this scam from predatory criminal enterprises like PayPal, I do not foresee any real justice aside from that inflicted by whomever pulled off the vigilante retribution about which the above story was written.

  5. Jackie Farnham
    May 22, 2014 at 3:52 pm

    Well now I know why the last 2 months I have gotten a paypal charge supposedly from ebay for seller fees. I have never sold anything on ebay only bought. So yeah they were able to get pmt info. glad I changed everything 2 weeks ago....

  6. Jo-anne P
    May 22, 2014 at 4:56 am

    I just popped on to my account and sure enough there is a notation STRONGLY URGING members to change their passwords. There is also a notice cautioning you to beware of where you log in to change your info most notably that the site starts with HTTPS

    I know when I am in a rush I don't always check and this reminder helps. When you go through the steps to change I had to smile. I shows you a screen and asks what you want to do.. It informed me that YOUR PASSWORD IS WEAK LOL Hey I should be happy it didn't say dumbass or worse because it was lame and weak because i rarely use and forgot. Now it is STRONG LIKE BULL! I really love these posts thanks for all the hard work and for keeping people like me (the ones with lame weak passwords) in the loop and on top of things