News reports coming out this morning indicate that EBay will be asking all of it’s 112 million users to reset their passwords on the site as soon as possible. We highly recommend you do that, and use a good, hard to guess password that you don’t use anywhere else.
EBay is obviously an incredibly popular site, and emails about needing a password reset on EBay have long been a favorite ruse of email scammers. Today’s email (which may or may not be caught in your spam filter) is actually legit (but you’re going to follow the rules for not getting phished, right? Thought so..)
We’re still waiting on more details from EBay, but at this point it appears that attackers used stolen employee credentials to access the database containing all of the encrypted passwords for all EBay users sometime in February or March. It appears at this point that no confidential information was contained within that database, but it does include usernames, email addresses, phone numbers, and addresses.
Paypal, a sister company of EBay, was not involved in this breach and as of right now there is no indication that this breach has effected PayPal at all.
Although the passwords were encrypted, EBay (and others) believe that sufficient tools exist that the attackers may be able to reverse the encryption. So, better safe than sorry. Oh, and while you’re at it, you don’t use the same email and password to log in to Facebook, do you? Or Twitter? And certainly not any of the financial institutions you do business with, right? Good, just checking. Because you shouldn’t use the same password for everything, right? Right. Good. Glad we got that cleared up.
Now if you’ll excuse me, I have an EBay password to change. And while I’m there, I may as well check on my bid on that Atari 7800. It’s vintage!
Thanks for reading! More updates as they become available!