eBay will ask you to change your password today after an attack

By Rich Edmonds on 21 May 2014 10:01 am EDT

eBay has announced today that users of the popular service should change their passwords immediately due to a cyber attack that compromised a database containing encrypted passwords. A press release sent out by the company stresses that only non-financial data was affected.

Hastily investigating the matter, eBay found no evidence of any unauthorized access to financial or credit card information, but we strongly urge all readers to pop into their accounts and make the change regardless.

PayPal on-the-other-hand has not been affected in this case and there's reportedly no evidence of attacks on the separated networks. We would, however, recommend you change PayPal passwords too just to be on the safe side, especially if yours are memorable and/or weak.

Later today, eBay will fire out email reminders to its userbase and will publish alerts through social channels to have their passwords altered. Also, while we're on the subject, take this as a friendly reminder as to why it's not such a good idea to have the same password for every account you have.

Source: BusinessWire

Press Release

SAN JOSE, Calif.--(BUSINESS WIRE)--eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.

Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.

The database, which was compromised between late February and early March, included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today.

The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.

Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts.

Reader comments

eBay will ask you to change your password today after an attack


True, and it's more secure than ever. Another case of "it's not an issue until it's an issue". Security, that is.

Right?! Like a nice new Blackberry Z30 !

Swiped via CB10 with my T-Mobile USA (Only T-Mo rep still pushing  )  ‎BlackBerry Q10...oh wait a sec....its my new  BlackBerry Z30 (STA100-5), son! The holy grail of phones! Once you go BlackBerry, everything else is wack-berry! LOL! #longestsignatureever

Yes. I just read the same this morning. The link to the original message from eBay, now shows message as "unavailable". Pulled without explanation.

Too embarrassing?

But great to still have it on CB, even though it's rather not "directly BB related". Just changed my password. Without CB I wouldn't have known. Thanks!

"No Q10?" -> "Buy from Chen... "

Had my eBay hacked on Sunday. Cars, caravans and trailers listed on there :/ scary, especially when such large corporations are involved

BlackBerry Z30 STA-100-2 running :D


What underwear you wear, what you do in bed with your wife, all the things you might buy (and don't want others to know?) and did buy, your password(s) (LOL!), your online banking details, the odd embarrassing (but now deleted) post on the 'net, your medical history with the odd ailment you better keep to yourself, speeding fines, criminal record, political views, drunk pictures (when you were young and stupid!), potentially career-damaging little antics and stories....

No, still nothing to hide?

"No Q10?" -> "Buy from Chen... "

Different passwords for everything, that's how I do it. :)

Posted via CrackBerry 10 (CB10) application using my BlackBerry Q10.

Hackers (one being mike.w.chu@gmail.com) were also changing the email addresses on listings that had been listed w/in the last 2-3 months or so to their own email address, causing sales $ to be redirected to the hackers' accounts.

First Heartbleed now this and no name to add.
Ummm what if this bug has installed some other dormant bug just waiting for all the new passwords Mmmmmm


Anybody wondering why it took them so long to announce these security breaches?! They happened in February and March!

And we have yet to find out the extent of these security lapses. But my gut is telling me that since they are dragging their feet for soo long, the situation must be quite serious...

Some were saying that this will dwarf previous such occurrences. I guess we will see!

Cartman says: Screw you guys I'm going home!

Well I have two eBay accounts. Personal and work. My linked email address for the personal one had been hijacked. I've just spent the last 40 mins on chat support telling them I don't have control of the registered email address, so can't collect emails to confirm my account closure request. Also...I'm on holiday so they can't use the registered numbers to call me. it's a mess.. I've instructed them that I will hold them responsible for any loss.

My work eBay account I just logged on and requested it to be closed. I got a message back saying

"Unfortunately, we can't close your account yet, because it has been suspended, restricted, or is otherwise not meeting minimum seller standards. Until you have resolved this matter, your account must remain open. If you would like to appeal your suspension or have an account reviewed by a member of our Trust & Safety team, please"

So again, I'm stuck. What an utter mess.

When I say the email account has been hijacked, this only happened after the eBay breach. So I assume they got the registered email address from ebay and tried the same password. Yes, I know, different passwords. In all honesty, this email was only for junk stuff anyway.. all other email, bank etc use highly encrypted passwords. Just goes to show.. you can't be too careful. Anyway. Closed PayPal now, will close eBay also. I no longer have a Facebook or Twitter account. I never post photos on the Web. I'll be like a ghost..

The way ebay is handling it is a joke. No mention of the breach on the main landing pages of any URL .com .ca etc. Instead buried in links one never goes to..

Password resets should have been done immediately. That being said guarantee it will spill over to Paypal and kijiji. When a company says no signs cc data wasn't taken is the exact opposite. Already reports of people losing thousands. $3000 one in Calgary just the other day.

Hope eBay takes a shit kicking! Their service has gone downhill for the all mighty dollar. Should have two step verification or an authenticator.

Thanks for the heads up, I got an email this morning, thought it was a hoax. They usually address me by my first name or my eBay name I'm communications, both were at the end of the message.

I use the BlackBerry password keeper app's random password generator; another reason for me why, Password Keeper is one of the top 10 essential BlackBerry 10 apps.

.2141 what's the difference? .1925 still the bangingest til I know any different.