Online marketplace eBay has released a statement urging eBay users to change their passwords. The company said hackers attacked between late February and early March with login credentials obtained from “a small number” of employees. The hackers then accessed a database containing all user records and copied “a large part” of those credentials. The breach was discovered in early May and eventually disclosed in Wednesday’s statement.
The breach involves stolen email addresses, encrypted passwords, birth dates, mailing addresses and other information, although eBay says it has not found evidence of unauthorised activity or access to financial information. The company says financial data was not affected, pointing out that credit card information (including PayPal) is encrypted and stored on a separate database. <source>
Regardless, eBay users should change their account password as soon as possible, and on any other sites where the same password has been utilized.
eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too