ALERT: You need to change your eBay password, now.

At300px-EBay_logo.svgtention eBay users: eBay has confirmed a data breach affecting all user accounts. Compromised information includes: customer names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth.

It is recommended that all eBay users change their passwords as soon as possible.

Details on the Breach

Emsisoft first caught wind of eBay data breach rumors early Wednesday morning. Preliminary reports pointed to a botched blog post on the PayPal community blog, entitled “eBay Inc. To Ask All eBay Users To Change Passwords.” Besides the alarming title, the post was mysteriously empty; and, following a news leak from Reuters it was mysteriously taken down. Due to the fact that PayPal is actually owned by eBay, the rumor mill started spinning pretty fast.

Shortly thereafter, eBay confirmed the data breach with a corporate press release. The press release stressed that no financial information was compromised, as that data is stored in a separate location, where it is encrypted. eBay also indicated that their investigation revealed no evidence of fraudulent account activity.

The breach is reported to have occurred between late February and early March 2014, when cyber attackers gained direct access to eBay employee log-in credentials. This compromise was first detected two weeks ago, and eBay states that, in the time between then and today’s official announcement, they worked with law enforcement officials to investigate and resolve the issue. Later today, eBay will begin contacting its users directly, via email and various marketing channels.

Ensuring the best password protection

After any data breach, it is crucial to change your password. It is also important to realize that if you use that password for any other account, you should change it on that account as well to something new and unique. For best password practices, see our article on The Worst Passwords of 2013.

In the wake of a data breach affecting a company as massive as eBay, it is also important to be on the look out for phishing emails. As eBay points out in their press release, they will be directly emailing their user base and requesting a password change. This is a prime opportunity for fraudsters to pose as eBay and do the same, and thereby collect user credentials on phishing pages. To be safe, it is therefore best to navigate to your eBay account directly and change your password independently of any email provided link.

Have a Great (Password-Protected) Day!