eBay's 128 million active users will find a rude surprise in their inboxes today: News that a cyberattack struck one of the company's databases between late February and early March and compromised important customer data.
The company said the breached database housed customer names, e-mail addresses, physical addresses, phone numbers, dates of birth, and encrypted passwords. No financial information was taken, but the personal information that was swiped sounds like enough to do some damage. eBay didn't say how many of its users were actually impacted by the breach, but all users are advised to change their passwords.
eBay in a Wednesday statement announcing the breach said it found no evidence of fraudulent account activity as a result of the breach, and that its subsidiary PayPal was unaffected by the attack. If you store your financial information with PayPal, you can rest easy (sort of). The payment company has a separate secure network where it keeps your information.
It's unclear whether the breach is related to Heartbleed, the flaw in OpenSSL that lets attackers read data out of a vulnerable server's memory. eBay said a few employee log-ins were compromised in the breach, so perhaps the hackers were able to phish their way to your information, like they did in the Target hack last year.
eBay on Wednesday will begin e-mailing users about the breach. You should change your password, and if you've used the same password across multiple sites, you should change your passwords en masse.
Pro tip: For services like eBay and PayPal that offer two-factor authentication, you should use it. The PayPal Security Key is a physical card that generates security codes for your PayPal and eBay accounts for added protection. You can also choose to have codes sent to your smartphone instead. We have a handy guide to turning on PayPal two-factor authentication here.