eBay prompts password changes in wake of cyberattack


— 10:41 AM on May 21, 2014

All done changing your passwords to stay safe from would-be Heartbleed exploits? Good, because it's time to change another one.

eBay announced this morning that, because of a "cyberattack," it will ask users to change their passwords. The cyberattack involved a database in which some user information, including encrypted passwords, was stored:

The database, which was compromised between late February and early March, included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today.

Now, eBay stresses that the password change is simply a precaution. According to the company, there are no signs so far that user accounts were compromised. I'm guessing whoever misappropriated the database might not have decrypted those passwords yet:

After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats.

So, yeah. This is less scary than the headline might make it seem. Still, as eBay points out, changing your password every now and again is always a good idea.

   
Register
Tip: You can use the A/Z keys to walk threads.
View options