eBay Asks Users To Change Passwords
eBay has started asking eBay users to change their passwords because of a massive cyberattack that compromised a database containing encrypted passwords and other non-financial data.
eBay said that cyberattackers compromised "a small number of employee log-in credentials," allowing unauthorized access to eBay's corporate network. Working with law enforcement and security experts, the company is investigating the matter.
The database, which was compromised between late February and early March, included eBay customers? name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago.
The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.
eBay users will be notified via email, site communications and other marketing channels to change their password.
The database, which was compromised between late February and early March, included eBay customers? name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago.
The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.
eBay users will be notified via email, site communications and other marketing channels to change their password.