If you are an eBay user, then change your passwords immediately. That is the message coming from eBay headquarters, who are facing the embarrassment of having a database hacked and users’ encrypted passwords stolen.
Since the passwords were encrypted, it means you are not likely to see any unauthorized activity on your account – at least not yet. So it would be a good policy to pre-empt any encryption cracking and change your password now. eBay is claiming that Paypal is not affected but it wouldn’t hurt to change your password there as well, for peace of mind at the very least.
The company is also claiming that financial information was not affected. But the breached database did apparently have financial information, as well as passwords, email addresses, physical addresses, phone numbers and dates of birth. Information such as an address and date of birth could be used to impersonate someone. The only piece of good luck – if you can call it that – is that social security numbers were not allegedly in the database.
According to the Wall Street Journal, the attack happened late February to early March, but was only detected two weeks ago. Somehow the hackers got hold of some employee login credentials to the corporate network at eBay and went from there. With 145 million members, the databases at eBay are rich pickings for criminals eager to get their hands on financial information, such as credit card numbers.
There is no evidence that financial data was compromised and there is no evidence that PayPal or our customers have been affected by the unauthorized access to eBay systems. We are working with law enforcement and leading security experts to aggressively investigate the matter. — eBay
No notice on http://t.co/3Z5SAJLg3L of this security breach. also password management is buried DEEP in settings. this is basic stuff.
— Jamie Nathan (@JNathan) May 21, 2014