NEW YORK – E-commerce site eBay is asking users to change their password after a cyberattack compromised a database containing encrypted passwords.
The company says there is no evidence of any unauthorized activity and no evidence any financial or credit card information was stolen.
EBay said its investigation is active and it can’t comment on the specific number of accounts affected, but says the number could be large, so it is asking all users to change their passwords. EBay had 145 million active users at the end of the first quarter.
Cyberattackers stole a small number of employee log-in credentials that gave access to eBay’s corporate network, the company said. The San Jose, California-based company is working with law enforcement to investigate the attack.
The database was hacked sometime between late February and early March, but compromised employee log-in credentials were first detected two weeks ago.
EBay owns electronic payment service PayPal, but eBay says there is no evidence PayPal information was hacked, since that information is stored separately on a secure network.
The attack follows several other high-profile data security incidents, including a massive breach at Target stores and the recent discovery of the “Heartbleed.” computer security flaw. Heartbleed is a point of weakness in a key piece of security technology used by more than 500,000 websites that had been exposing online passwords and other sensitive data to potential theft for more than two years.
And during the Target credit data breach last year, hackers stole about 40 million debit and credit card numbers and personal information for 70 million people.
Shares of eBay Inc. fell 13 cents to $51.83 in Wednesday afternoon trading.
Statement as posted on the company website:
On Wednesday, we announced that we are asking all eBay users to change their password. This is because of a cyberattack that compromised our eBay user database, which contained your encrypted password.
Because your password is encrypted (even we don’t know what it is), we believe your eBay account is secure. But we don’t want to take any chances. We take security on eBay very seriously, and we want to ensure that you feel safe and secure buying and selling on eBay. So we think it’s the right thing to do to have you change your password. And we want to remind you that it’s a good idea to always use different passwords for different sites and accounts. If you used your eBay password on other sites, we are encouraging you to change those passwords, too.
Here’s what we recommend you do the next time you visit eBay:
- Take a moment to change your password. You can do this in the “My eBay” section under account settings. This will help further protect you; it’s always a good practice to periodically update your password. Millions of eBay users already have updated their passwords.
- Remember to always use different passwords on different sites and accounts. So if you haven’t done this yet, take the time to do so.
Thanks for your support and cooperation. eBay is your marketplace, and we are committed to keeping it one of the world’s safest places to buy and sell.
President, eBay Marketplaces