eBay hit with massive security breach, asks all users to change passwords

[Reefa]

Later today, eBay will begin asking all of its 112 million customers to change their passwords, in the wake of a newly discovered database breach. The breach compromised a database containing a list of encrypted passwords that, once released in the wild, could potentially be decrypted through publicly available tools. As a result, eBay is asking users to change passwords as soon as possible. Officials say no financial data was implicated, and the company hasn't found any evidence of unauthorized activity resulting from breach.

The attack itself took place some time between late February and early March, when attackers obtained a group of employee log-in credentials, allowing access to the larger database. Even after the attack, eBay wasn't aware of the compromise until two weeks ago, and it took detailed forensic analysis to implicate the password database, resulting in today's announcement.

In addition to passwords, the database contained basic login information like name, email, phone number, address and date of birth, but officials stressed that no confidential or personal information was included in the breach. Paypal was not involved in the breach, as PayPal data is kept on a separate network with higher levels of encryption. Still, a site-wide password reset is generally seen as the best response to this kind of breach. eBay also reminded users to make the change at any other sites where they had used the same password, a bad security practice that is nonetheless widespread.

Source

[Sonar]

changed my password - thanks for the info :)

Never save/link any payment method and ull be safe from any breaches on any website if your account was grabbed.

Edited May 21, 2014 by Sonar