Why Changing Your eBay Password Isn't Enough

Changing your password after a data breach is great and all, but as far as protecting yourself after the eBay data breach, you’re not done yet.

Email addresses were also compromised in the attack, meaning the 128 million active eBay users have become phishing targets. Phishing is a deceptive tactic fraudsters use to trick you into divulging sensitive information. Now that they have your email address and a few other identifying bits of information (like your name, birthdate, physical address and phone number), hackers have a few ways they’ll try to play you.

Click With Caution

It’s not that difficult to put together an email that seems to come from a legitimate business — maybe it won’t be from eBay, but scammers will contact you and impersonate a person or companies you trust as a way of getting you to click on malicious links and share information they can use to commit financial fraud.

It sounds paranoid, but you need to read your emails with an abundance of skepticism (like in this story, when a hacker did a decent email impersonation of a friend). There’s no one-size-fits-all approach to phishing, so look out for messages asking you to update user accounts, confirm payment information, download something, take advantage of a deal or act quickly in the interest of saving money or protecting your identity — hackers know you’re feeling vulnerable after a breach like this, and they’ll play into your fears without hesitation.

Think Beyond eBay

Consider how many online accounts you have. Shopping sites, banking, social media, news sites — these days, everything requires a login. Many of those use your email address as your username, and if your email address was stored on that compromised eBay database, a slew of your usernames has also been exposed. The eBay passwords were encrypted, but the company urged its users to change them anyway. If you use that password in conjunction with your email address for any other site, you should change it, too.

Get everything you need to master your credit today.

Get started for free

PayPal, which is a subsidiary of eBay, wasn’t impacted by this breach, the company said, but if you use the same email address and password for eBay and PayPal, you would be wise to change that, too. It doesn’t take much effort to make these updates, and it’s worth the time to protect your financial information, avoid fraud and prevent damage to your finances or credit.

There are a lot of great tips out there for creating strong, yet memorable, passwords (here are a few strategies you can use), and it’s a good idea to update your login credentials regularly, even when you’re not a data breach victim.

Why is this such a big deal? Fraud and identity theft can cause you some major headaches (seriously, there are horror stories) and proactively checking your bank accounts and credit information for unauthorized activity is the best way to avoid them. You should also check your free credit reports every year and look for inaccuracies, and you can use your credit score as an identity theft monitor, too. By checking your credit scores every month (which you can do for free on Credit.com), you will notice any sudden and unexpected changes in your score, which may indicate your identity has been compromised.