Ebay To Users: Reset Your Passwords After Security Breach

If you buy, sell, or a combination of both on the popular auction site eBay, you'll want to head over and change your password. At least that's what the company is urging users to do after they fell victim to what The Guardian is calling the “biggest-ever cyber attack.” Hackers broke into eBay's extensive database (233 million customers, to be exact) to get to the sensitive personal data contained within.

The number of people affected earned it that “biggest-ever” designation. Customers will be happy to hear that their payment data is safe, but hackers were able to obtain names, addresses, email addresses, phone numbers, encrypted passwords, and dates of birth.

All About The Breach

Although it was only detected two weeks ago, the company said that the database was actually hacked sometime between late February and early March. PayPal has chimed in to reassure customers their payment and bank data is safe and sound – they have a separate database holding that information. But does that matter? Isn't getting all of this other data just as bad? Most definitely.

Experts argue that eBay failed miserably in the security department by choosing not to encrypt this personal data. Only your account password is encrypted. The rest of it is still valuable to any criminal. They also wonder why it took a company as huge as eBay three months to discover the breach. Why, the experts ask, isn't such a massive company that holds so very much customer data, keeping up with the cyber-security times?

What Could Happen

There are many problems with criminals getting their hands on this personal information. Think about it – if they have your name, address, telephone number, date of birth, and email address, they can easily steal your identity.

Armed with this data, it's also much easier to convince you to spill even more information such as credit card numbers and bank account details. When that email comes in asking you for such data, it's much more believable when your personal information is included. You'll think, “Well they already know all of this about me, so I must be safe!” Then it's too late, and your credit card has an exorbitant balance you can't afford to pay off.

Not Heartbleed

The attack was not implemented thanks to the recently discovered Heartbleed flaw. Instead, hackers were able to obtain a handful of eBay employee login information. This gave them full, unauthorized access to eBay's network in a way that was virtually impossible to detect.

This breach is massive, overshadowing even the Target breach last December, which only affected 40 million customer credit cards. eBay has released statements apologizing for the inconvenience, stressing how important security is to the company. It is working hard to discover more about the breach alongside security experts and law enforcement, and is happy to report that as it stands right now, it appears nothing nefarious has been done with this customer information as of yet.

You can wait for eBay's email asking that you change your password, or be proactive and change your password on your own time. Experts also recommend that you head to other sites that might use the same password and change them, too.