By Donna Tapellini Published May 21, 2014 Consumer Reports
After discovering that one of its customer databases had been hacked, eBay said in a blog on its site that it will ask its users today to change their passwords.
The database contained customer names, e-mail and physical addresses, phone numbers, birthdates, and encrypted passwords. eBay says there was no financial information in the hacked database, and that there was no evidence that any unauthorized activity had taken place. It also said there was no sign that PayPal, which is owned by eBay, had been compromised.
As of this morning, there was also no indication on eBay’s home page that the compromise had occurred. The announcement was made on eBay’s corporate blog, which has a small link at the bottom of the page in the style generally used to link to corporate sites. A user who hadn’t seen the news elsewhere could easily not know anything about the hack. As an eBay user myself, as of 11 a.m. (EDT) today, I had not received an e-mail from eBay telling me to change my password because of the attack.
For more tips on staying safe online, check out our Internet security guide.
The database was hacked in late February or early March, according to eBay. The unauthorized access was possible because the log-in credentials of a number of eBay employees had also been compromised, an issue the company discovered “about two weeks ago,” it said in its blog about the hack.
If you’re one of eBay’s 128 million customers and you haven’t yet received an e-mail notification, it’s still a smart move to change your password now (learn how tohack-proof your passwords. In fact, you should change all your passwords regularly. And we strongly advise that you not use the same usernames and passwords on multiple website accounts.