EBay advises users to change password after database breach

Yesterday, eBay confirmed that hackers managed to gain access to personal information for all of eBay’s 145 million active users.

The attackers gained access to sensitive users’ information, including customer name, email address, physical address, phone number and date of birth along with their encrypted password. Luckily, the hacked database did not contain financial data such as creditcard numbers, nor did it contain social security, taxpayer identification or national identification information, the company said.

Never the less, the information that the attackers did manage to steal could be used for purposes of identity theft in phishing or social engineering attacks.

EBay also reported there is no evidence of unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats.

The attack took place from late February through mid March. The hackers managed to steal a small number of employee credentials, which they later used to break into eBay’s database.

EBay’s subsidiary, PayPal, said it was untouched by the data breach. PayPal data, which is sensitive because it includes payment information, is kept on a separate network.

If you haven’t done so yet, log into your eBay account and change the password ASAP. It’s also a good time to familiarize yourself with the early signs of identity theft.

If you don’t check your credit report at least once a year, it would be a good idea to start now!