eBay has suffered a major cyber-attack (which occurred somewhere between late February and early March this year), with hackers able to gain unauthorised access to a database that included details of users’ names, home addresses, dates of birth and encrypted passwords.
Yesterday eBay issued an advisory, strongly recommending that customers change their passwords. Although the passwords were encrypted, it seems the hackers have gained access to them somehow.
The company assures users that it has seen ‘no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats…. However changing passwords is a best practice and will help enhance security for eBay users.’
Users are also warned to remain vigilant,
‘Following a cyberattack of this nature it is common that fraudsters will try to exploit well-known brand names like eBay in an effort to obtain personal information. They attempt this fraudulent activity through phishing emails, texts, phone calls and fake websites.’
PayPal payment details are not affected as they are stored separately, although users who do employ the same password for both accounts should of course change their PayPal, password too. We strongly suggest using a password manger such as KeePass to generate and manage secure passwords.
Unfortunately, how to change your password in eBay is not as obvious as is probably should be. To do so, hover your mouse over ‘Hi, yourname’ on the left of the eBay screen, and select ‘Account Settings’. This will take you to your Personal Information screen, from where you can change your password.
Unfortunately, paste is disabled, which is a pain if using a password manager.
One curious aspect of the whole affair is eBay’s tardiness in notifying customers directly. Although the advisory warning states that ‘We are in the process of notifying all eBay users and asking them to change their password through email, site and other marketing communications channels’, it seems that few customers have yet received these. A warning notification is now displayed on the front page of eBay, but this is a fairly recent addition.
Regardless, the advice is clear:change your eBay password NOW!