Yet another major retailer has an intelligence issue on its hands. eBay, which boasts millions of buyers and sellers on its e-commerce platform, announced Wednesday that it suffered a cyberattack that compromised a database containing encrypted passwords and other data. The company has asked that all users change their passwords, though it insists none of the compromised data was financial, and there is no evidence that PayPal was breached.
From a release: "After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users."
It's also probably a good idea to change your passwords for other accounts as well – and not to use the same password for everything.
So how did this happen, exactly? eBay says the cyberattackers compromised a few employee log-in credentials, allowing them access to a database that included eBay users' names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. The breach took place between February and early March and was initially detected two weeks ago.
Although the company is adamant that no credit card or financial information was compromised and that it's "aggressively investigating the matter," the news is still discouraging, given that it's the second data breach this year by a huge retailer.
Fortunately, companies are doing something to stop this sort of problem from recurring. A number of U.S. retailers, including Target, JC Penney, Gap and Walgreens have banded together as part of the Retail Cyber Intelligence Sharing Center to share information about cybersecurity threats in the hopes of preventing future data breaches from happening.