eBay is asking users to change their passwords because of a database cyberattack. The company says there is no evidence the compromise has resulted in unauthorized activity for eBay users or that anyone gained access to financial or credit card information, which is stored in separate encrypted formats.
“eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace,” the company said in a statement.
The cyberattackers used a small number of employee log-in credentials that allowed unauthorized access to eBay’s corporate network, the company said. The company is working with law-enforcement and security experts while investigating the issue.
Attackers compromised the database between late February and early March, potentially accessing eBay customers’ names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth, according to reports. The company believes the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement.
eBay has not seen any evidence that shows unauthorized access to PayPal accounts. PayPal data are stored separately on a secure network, and all PayPal financial information is encrypted.
eBay is notifying users via email, site communications and other marketing channels to change their passwords. In addition, the company also is encouraging any eBay user who is using the same password on other sites to change those passwords, too.
“The same password should never be used across multiple sites or accounts,” the company stated.
“What’s Hot” is aggregated content. PYMNTS.com claims no responsibility for the accuracy of the content published by the original source.