On 21 May 2014, eBay, the online shopping website announced that company's systems faced a cyber attack.
This attack compromised a database containing user's encrypted passwords and other details.
According to eBay, the attackers were able to compromise a small handful of employee log in credentials, which allowed them to reach into the secure corporate network.
According to the official announcement, the breach occurred between late february and early march.
Yes! You heard it right. It took more than two months for eBay to announce this mishap. The company said that the compromised employee login credentials were detected two weeks ago, after which extensive forensics were performed which identified the compromised database.
Customer's Name, Encrypted Passwords, Email Address, Physical Address, Phone Number and Date of Birth.
Any financial information like Credit Card, Bank Account details etc. are completely secure and not effected by this breach.
Also, other personal confidential data remains unaffected.
eBay however told that it has not witnessed any increased fraudulent activity on the site pointing to this data breach. Also, the company further said that there was no evidence of any unauthorized access to the financial and personal PayPal data which stored separately in encrypted form.
The company is now investigating the matter along with the law enforcement agencies and security experts.
As eBay suggests and urges, take the following countermeasures immediately:
1. Change your eBay Password ASAP.
2. If you have used the same password elsewhere, do change it there as well.
P.S.: As eBay and everyone else on internet emphasizes, Its never a good idea to use the same password on multiple sites.
Read the official eBay statement here:
eBay Inc. asks users to change their passwords.