There’s been an apparently successful cyberattack on eBay. Thanks for pm’ing me, Hank.
eBay issued a statement in which they’re asking users to change their passwords because of an attack which compromised their database of encrypted passwords and non-financial data:
“Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers….
“After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.” – ebay
Then, eBay stated:
The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today.
Sorry, eBay. You had the responsibility to notify back then!
Anyway…change your passwords and try not to choose 123456789. That one’s mine.