eBay is telling its users to reset their passwords after discovering a cyber attack that compromised encrypted non-financial files.
The company insisted in a post on its official Website today that the reset was only a best practices precaution.
The company says there is no evidence credit card or other financial data belonging to eBay’s customers or sellers was accessed.
However, the company did admit the database compromised sometime between late February and early March did include customer names, encrypted passwords, email addresses, physical addresses, phone numbers and date of birth information.
In a statement addressing privacy concerns as part of the official announcement, the company explained:
“Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.”
In the announcement the company also said it was working with law enforcement and security experts to investigate the breach. But the company said to date there is no evidence the attack led to any unauthorized or fraudulent activity on the site that might affect users.
The company also said there is no evidence that PayPal, which eBay also owns, was affected by the attack. PayPal data is stored in a separate database and all files are encrypted.
eBay said it would be informing users through email, site communications and other marketing channels of the recommendation to change their passwords. The company said it would also recommend customers who use the same passwords on other sites to change those as well.
Cyber attackers apparently gained access to eBay’s system by compromising a small number of employee log-in credentials.
Founded in San Jose, Calif. in 1995, eBay estimates it enabled $205 billion in commerce between buyers and sellers in 2013.
eBay Photo via Shutterstock
More in: Cybersecurity
I guess it is okay to be ready for security issues. After all, most of the big websites these days are being hacked. It is better to change your passwords constantly to keep yourself protected. It may be a hassle but it is worth it if it can protect you.
Changed my password soon as I found out a few days’ ago. It would seem that no company is immune from being hacked into. It’s good that eBay’s encouraging members to change their passwords as a precaution.
(p.s.: It was hacked in Feb/March. So is eBay just finding out about it?)