Hackers infiltrated an eBay database in late February into March, exposing customers' personal information and passwords, the company reported May 21.
The online auctioneer is now urging all users to change their passwords.
“Our customers are our highest priority; and to ensure they continue to have a safe, secure and trusted experience on eBay, we will be asking all eBay users to change their passwords,” eBay said in a prepared statement.
“Recently, our company discovered a cyberattack on our corporate information network, which compromised a database containing eBay user passwords,” eBay said.
No financial data was accessed or compromised, eBay said. eBay has 148 million active accounts.
The cyberattackers hit a database containing employee log-in credentials, which in turn gave them access to the company’s corporate network and customers' personal information. eBay said that the hackers did not access credit cards or financial data.
eBay says it is working with law enforcement and security experts to investigate the breach and will “apply the best forensics tools” to secure customer data.
Set passwords to be more than eight characters and/or more than four character types. Change passwords regularly. Maintain separate passwords for multiple sites.
The data included eBay customers’ names, encrypted passwords, email addresses, physical addresses, phone numbers and birth dates.
The data breach did not affect accounts for PayPal, a division of eBay, which stores payment information on a separate network.
eBay deals with login breach; requests password changes.
eBay will use email, site communications and marketing channels to prompt customers to change their passwords, the company said.
Of assets targeted by data criminals in 2013, ecommerce comprised 54 percent of the assets, security firm Trustwave revealed in its Global Security Report.
To minimize online risks, users should use only one password per site, advised Roger Thompson, chief emerging threats researcher at ICSA Labs, a security certification organization.
“Passwords by themselves aren’t relative as a security measure in today’s environment,” Thompson wrote in an emailed statement. “Websites that don’t have multiple forms of authentication should be considered high risk for these types of events.”
In August 2013, eBay also ran into problems when website maintenance scheduled for two hours took nearly seven.
By providing links to other sites, CheapAssGamer.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to CheapAssGamer.com. CheapAssGamer.com is owned and operated by CAG Productions, LLC.