Change your passwords, eBay users: The auction site was hacked

Customer names, addresses, phone numbers, and birth dates were swiped in a cyberattack, but financial information is reportedly safe.

eBay's 128 million active users will find a rude surprise in their inboxes today: News that a cyberattack struck one of the company's databases between late February and early March and compromised important customer data.

The company said the breached database housed customer names, e-mail addresses and physical addresses, phone number, date of birth, and encrypted passwords. No financial information was taken, but the personal information that was swiped sounds like enough to do some damage. eBay didn't say how many of its users were actually impacted by the breach, but all users are advised to change their passwords.

eBay in a Wednesday statement announcing the breach said it found no evidence of fraudulent account activity as a result of the breach, and that its subsidiary PayPal was unaffected by the attack. If you store your financial information with PayPal, you can rest easy (sort of). The payment company has a separate secure network where it keeps your information.

It's unclear whether the breach is related to the Heartbleed bug that exploits a flaw in OpenSSL and leaks data all over the place. eBay said a few employee log-ins were compromised in the breach, so perhaps the hackers were able to phish their way to your information, like they did in the Target hack last year.

eBay on Wednesday will begin e-mailing users about the breach. You should change your password, and if you've used the same password across multiple sites, you should change your passwords en masse.

Pro tip: For service like eBay and PayPal that offer two-factor authentication, you should use it. The PayPal Security Key is a physical card that generates security codes for your PayPal and eBay accounts for added protection. You can also choose to have codes sent to your smartphone, instead. We have a handy guide to turning on PayPal two-factor authentication here.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags hackebaypaypal

More about eBayPayPal

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Caitlin McGarry

Latest Videos

More videos

Blog Posts