Earlier today we spotted a post on eBay-owned PayPal’s official blog which said that users will be asked to change their passwords. Even though only the post title had gone public and there were no additional details, it was reason enough to believe that something might have gone wrong. eBay has now published a post on its official blog revealing that it was hit by a cyberattack and that users should change their passwords as soon as possible.
The company reveals that a cyberattack compromised a database that contained encrypted passwords and “other non-financial data.” eBay claims that it has conducted extensive tests on its network to ensure that the compromise didn’t result in unauthorized activity on users’ accounts. Not only does it confirm that that hasn’t happened, it also says that no evidence has been found of unauthorized access to users’ financial or credit card information.
The reason why financial information wasn’t accessed by the attackers is because it is stored separately in encrypted format. Financial information for PayPal users wasn’t accessed as well as it is stored separately in encrypted form on a secure network. eBay explains that the database that was compromised included customers’ names, email address, encrypted password, physical address, date of birth and phone number.
Therefore it would be best if eBay users change their passwords as soon as possible, if the same password is used across different services then it should be changed across all of them. eBay has started sending out emails to users to notify them, it will also use site communications and other marketing channels to get the urgent message across.