Ebay hacked, change your password

Ebay says that its corporate network and databases were compromised earlier this year, and will ask its users to change their passwords. The press release follows.

SAN JOSE, Calif.--(BUSINESS WIRE)--eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.

Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.

The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today.

The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.

Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts.

Notable Replies

  1. Yeah, because remembering eleventy-thirteen passwords and not having them written down is so fucking easy. When do I just get an Iris reader for my computer?

  2. That's what password managers are for. It's annoying that they're a bit of a hack, but they're preferable to reusing passwords. That and being tied to a single machine is a bummer too unless you're willing to carry around a USB stick with your password manager software on it and people are willing to let you plug it in.

  3. It's all well and good if you have only the one computer, but I also have a tablet, and the process of typing in overly complicated passwords on a touchscreen keyboard that's split into Alphabet, Numbers and Symbols is not an entirely endearing one.

  4. I recommend LastPass. It has a IOS and android app, the password vault is accessible via web interface and there is a browser plug-in for all common browsers. The Android app is even able to auto-fill/auto-login since the last update. The only password you have to remember is the LastPass Master-Password.

    If you don't like typing complicating passwords with Numbers and symbols on phones or tablets consider creating a longer password (more than 25 characters) by stringing together six simple words.

  5. No apps?

Continue the discussion bbs.boingboing.net

20 more replies