eBay Suffers Massive Security Breach, All Users Must Change Their Passwords

The chaos of Heartbleed may have passed, but the number of high profile online hacks continues unabated. According to BusinessWire, auction site and global retailer eBay EBAY -0.17% is the latest victim and has been hit by a huge cyberattack that compromised its main database holding user passwords. An email will be issued later today informing all eBay users to urgently change their passwords  .The report claims there is: “no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats.”

The origin of the breach comes from hackers compromising a small number of employee log-in credentials, which gave access to eBay’s corporate network. eBay says it is working with law enforcement and leading security experts to “aggressively” investigate the matter.


Most troubling is the database was compromised between late February and early March and was not detected until two weeks ago. The hackers gained access to information including eBay customers’ names, their encrypted passwords, email, registered addresses, phone numbers and date of birth .

More positively eBay says the database did not hold financial information as that is stored separately. Furthermore it has not seen any evidence of a rise in fraudulent activity or additional attempts to gain entry to Paypal. Like eBay’s financial information, Paypal data is also stored separately.

eBay is taking the breach extremely seriously stating that users employing the same password across eBay and other sites should also change those passwords. It stresses your eBay password should be unique.

Any sizeable security breach will hit a company hard, but it will be doubly tough for eBay given the site’s focus on buyer and seller reputations. eBay has long been saddled with a reputation for dodgy listings and phishing scams. Something the site has worked hard to improve.

Needless to say all users should act now as the full fallout from the hack will inevitably only come to light in the coming days and weeks.

Posted in News, Security and tagged .