Online auction site eBay is warning its users to change their passwords following a cyberattack that compromised a database containing encrypted passwords and other non-financial data. While the company says it sees no evidence that the compromise has resulted in any unauthorized activity, or any evidence that the bad guys were able to access any users’ financial or credit card info, the company still asks that all users change their passwords as a precaution.
The database was compromised between late February and early March, and included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information.
“Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers,” the company said in a statement released this morning. “We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.”
The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.
eBay will be notifying users via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too. (Never use the same password across multiple sites or accounts.)