21
May
eBay-Thumb

eBay isn't for everyone, but with such a steady stream of good deals on gadgets, there's a reason to have paid the site a visit lately. Welp, apparently the online auction block marketplace (eBay reached out to let us know they're not just an auction block, but a marketplace where the overwhelming majority of listings are buy it now or new, in case you were wondering!) has been hacked, and it's time for all users to change their passwords. This should be a preventative measure, as the company hasn't noticed any fraudulent activity on anyone's accounts just yet. Nevertheless, that doesn't mean your credentials aren't now resting on someone's computer waiting to be sold or exploited someday. Better safe than sorry.

Okay

The attackers managed to gain access to a few employee accounts, with which they were able to tap into the corporate network. The compromise occurred sometime between late February and early March, and the company is now working with law enforcement to investigate the matter. For more information, here's the full press release.

eBay Inc. To Ask eBay Users To Change Passwords

SAN JOSE, Calif.--(BUSINESS WIRE)--eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.

Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.

Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.

The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today.

The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.

Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. The same password should never be used across multiple sites or accounts.

Bertel King, Jr.
Born and raised in the rural South, Bertel knows what it's like to live without 4G LTE - or 3G, for that matter. The only things he likes sweeter than his tea are his gadgets, and while few objects burn more than a metal phone on a summer day, he prefers them that way anyway.

  • gladgura

    Just changed my password to saberredglow.

    • All_I_do_is_post_gifs
      • lljktechnogeek

        I swear, my parents had that exact same mini-stepladder thing when I was a kid.

        Don't think I ever climbed up on it dressed as a cop to punch someone in the face, though.

  • Matthew Fry

    There's no press release source. Did they release this just today? That's kind of slimy.

    • http://www.androidpolice.com/ David Ruddock

      Yeah, it's just on Businesswire. They're supposed to make an official statement soon and the site will ask you to change your password.

  • Steve Freeman

    It's a good thing they're letting everyone know so quickly after the security breach. :/

    • SimonPieman

      And people cried about Sony, which was smaller than this, also didn't include financials, and they only took 5 days to complete forensics, not TWO MONTHS.

      Ebay should get 10x the bad press, but then Microsoft aren't in the background poking the press with a sharp stick and shilling at every corner of the internet,

      • darkdude1

        Companies should be forced to take action instantly, the second they think a hack has occurred the least they can do is log every user out and force a password reset, better safe than sorry.

        • hamish

          Forensics do take a while. But its days not months. Its dangerous make press releases without answers but there is no excuse for lengthy delays.

          Sony did everything by the book but the press raped them over it. EBay bare getting off very lightly in comparison.

        • Marc Stinebaugh

          That would be a MUCH better way to handle it than simply requesting that people change passwords. Force it.

  • Christopher Bement

    Glad I just signed up a week ago!

  • Marc Edwards

    I forgot my ebay password. I wonder if i can buy it back...

  • MafiaMM

    How QUICKLY of them to inform us eBay users about this compromise. eBay A+++++++++++

    • sssgadget

      A+++++ would hack again!

  • Sky

    more like Turtlebay -_-

  • Owen Finn

    Two months ago? Oh, I am so going to sue.

    • http://www.bloodflame.com/ Patrick

      Class action. Let's do it.

  • Tower72

    So they got our real names...real addresses, email addresses, passwords, and birthdays (I think I read). http://money.cnn.com/2014/05/21/technology/security/ebay-passwords/index.html?hpt=hp_t3 If they already have all that information, what good will changing a password do, they already have it all! Glad it took 2 months for them to announce it

  • http://www.toysdiva.com Toys Samurai

    >> eBay reached out to let us know they're not just an auction block,
    but a marketplace where the overwhelming majority of listings are buy it
    now or new, in case you were wondering!

    I don't know what my feeling should after reading the sentence above. I mean, doesn't their PR has better thing to do than this today?

  • http://www.modminecraft.com/ Nick Coad

    Guys ffs, read the article. It took them two weeks to investigate and release the information, not 2 months. It was two MONTHS ago that the breach occured, two WEEKS ago that they found out the employee credentials were compromised and who knows how recently they actually discovered the database was compromised... What is with the commenters on this site never seeming to read the articles they're commenting on?