Online marketplace eBay on Wednesday put out a press release instructing all users to change their passwords. The company revealed it was hit by a massive cyberattack that compromised its encrypted database of passwords and “other non-financial data.” The release said that while the cyberattack did compromise user passwords, no unauthorized activity has been detected—so far; credit card and other financial info is allegedly safe, eBay said.
eBay said that the hackers were able to compromise a small number of employee logins, which then allowed them to gain access to user passwords and information. The exact details aren’t clear, as eBay instead wants to focus on alerting customers. Also unclear is if eBay knew its corporate network was susceptible to such attacks; Target, which was the victim of one of the largest attacks last year, eventually admitted it basically ignored malware software warnings before customer info was stolen.
“Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password may cause our customers,” the company said in a statement.
What’s worrying is that the breach apparently took place sometime between February and March, though eBay only just detected something was awry a few weeks ago. The company said it’s currently working with law enforcement and security experts to investigate the matter, and promises to apply “the best forensics tools and practices to protect customers.”
eBay is insistent that no financial information has been compromised, and no fraudulent activity has been detected. However, customer passwords, email address, physical address, phone numbers and other personal information has been accessed, which is why eBay is putting out today’s announcement. The company said it will start sending out notification emails later today, so you’ve been warned.
As a best practice, eBay encourages users to not only change their eBay password, but any other password that was the same as your eBay login.