Online shopping site eBay is asking its millions of users to reset their account passwords following a cyberattack on servers storing non-financial customer information, the company announced today.
The breach did not result in unauthorized financial account activity, the company said in a statement, but all consumers with eBay accounts should immediately reset passwords as a security precaution. Users will receive emails today instructing them to do so.
The compromised database contained customer names, encrypted passwords, email addresses, physical addresses, phone numbers and birthdates, so while hackers accessed no financial data, the information is valuable to potential identity thieves. eBay has more than 128 million active users, according to its website.
“The eBay breach illustrates the growing problem with identity theft, which is how ordinary folks are often the real targets of hackers who go after these big companies,” said Adam Levin, chairman and co-founder of Credit.com and Identity Theft 911. “No matter how safe any individual person is with their data, databases like eBay’s represent a nearly irresistible source of people’s personal information to hackers, rather than going after individuals one by one.”
What You Need to Know
The database was breached between late February and early March, which the company discovered after it detected some compromised employee log-in credentials two weeks ago. That investigation revealed the compromised server.
PayPal, a payment processing subsidiary of eBay Inc., was not compromised, as PayPal information is stored on servers separate from the affected ones. Credit card and other financial information of eBay users is encrypted and also stored separately.
As with most data breaches, changing passwords is a must. If you use your eBay password to log into other sites, change those, too, and keep in mind the risk of using the same password across many platforms. Considering an email address is often your username for online accounts, the hackers with the eBay data could easily access other accounts using the same credentials or target you via an email phishing scam.
Identity theft should also be a concern among these data breach victims, because your address and date of birth can be helpful for criminals interested in committing tax fraud or opening fraudulent accounts in your name. You should check your free annual credit reports (here’s how to do that), as well as monitor your online bank accounts and credit scores, because a sudden and unexpected change in credit score can be an indicator of identity theft. You can see two of your credit scores for free every month with a Credit.com account, and you can learn more about the risks of identity theft here.
More on Identity Theft:
- How Do I Dispute an Error on My Credit Report?
- 3 Dumb Things You Can Do With Email
- How Credit Impacts Your Day-to-Day Life