Ebay tells 233 MILLION customers to reset passwords
Over 200 million passwords stolen as hackers grab personal data including names, phone numbers and email addresses
Anyone with an eBay account has been urged to change their password immediately after hackers stole the company’s customer database.
The database was compromised sometime between late February and early March, with names, encrypted passwords, email addresses, phone numbers, physical addresses and dates of birth all stolen. There are an estimated 233 million people on eBay.
All users are being asked to change their eBay passwords immediately to “help enhance security”. No financial data has been stolen and eBay emphasised that it had seen no increase in fraudulent account activity on the site since the attack.
View latest ebay discount codes
PayPal user data is stored separately and has not been affected by the eBay data breach.
People with eBay accounts will be notified via email later today. The company said that anyone who used their eBay password on other sites should also change those passwords.
The attack happened when employee login details were compromised by hackers, allowing access to eBay’s corporate network. The company said it was “aggressively investigating the matter” to improve account security.
“This breach is a stark reminder that no organization is immune to cyber attacks,” said Troy Gill, security analyst at AppRiver.
TK Keanini, chief technology officer at Lancope said that eBay’s account security was inadequate:
“Ebay should programmatically force a reset of all passwords because just asking nicely will be ignored by too many,” he warned.
“They also should offer a two factor authentication method as others have done. All of these things help raise the cost to attackers.”
Other security experts echoed eBay’s advice that anyone who uses the same password on other sites should reset those passwords immediately. Concerns have also been raised that eBay isn’t warning customers via its homepage.