Ebay is set to ask all users to change their passwords due to a massive cyberattack that hit the encrypted password database. The company says that no financial data that was compromised, and there's no evidence of unauthorised user activity. Either way, you change your Ebay password right here.
So how did something like this happen to one of the biggest websites on the planet, a website that's responsible for billions of pounds worth of transactions every year? Well, the details remain vague, but Ebay says the hackers hit "a small number of employee log-in credentials, allowing unauthorised access to eBay's corporate network." And from there, they got access to countless Ebay user accounts.
It's unclear if Ebay knew about the security vulnerability before the attack. Ebay did say that the breach happened between late February and early March, though the company only detected the breach two weeks ago. Why they waited so long to tell users that their accounts were compromised is also unclear.
But again, according to Ebay's press release, nobody touched your money this time. All they got were each and every "eBay customers' name, encrypted password, email address, physical address, phone number and date of birth." Holy crap that's a lot of personal information. It's easy enough to change your password. It's a lot harder to change your name, physical address, phone number, and date of birth. [Business Wire]