eBay issued an official declaration on Wednesday, May 21, 2014 that one of its databases had been hacked. The worst part? This database, which housed users’ passwords, was compromised. But, there is a silver lining to all of this – no information has been stolen.
None that they know of, anyway. The auctioning website is still cautioning users to change their passwords in light of the attack.
Earlier Wednesday morning, PayPal (owned by eBay) posted a blog article asking users to change their passwords as soon as possible. For reasons unknown, PayPal’s article was promptly removed after being posted for a only few hours. This caused confusion among users, but the hack was later confirmed via an official statement from eBay on their site.
Apparently, the attack was detected two weeks ago, at which point eBay began to investigate the origins of the attack and how it took place. They discovered that the attackers had compromised several employee log-in credentials, which allowed them to access the auction house’s corporate network. The database, compromised sometime between late February and early March, held not only customers’ names, but also their encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth – literally everything that a hacker would need to access someone’s account or steal their identity.
eBay says, “After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing your passwords is a best practice and will help enhance security for eBay users.”