3aIT Blog

eBay is the latest in a long line of companies to have had user data stolen. This has potentially affected all of their 145 million users.

Password data was stolen as part of this breach. This password data was encrypted, although the level on encryption is unknown. eBay has enforced a systemwide password reset for all users to mitigate this theft. We would also advise changing your password on any website or system that shares your old eBay password - especially if this shares a username or email address with your eBay account as well.

Also, beware of any spam / phishing emails purporting to be from eBay exploiting this news. No emails from eBay about this situation will contain links or file attachments to reset your password. Go directly to the ebay site in your browser and login as usual, and you will be prompted for a new password.

This breach was performed sometime around the beginning of March. The attackers used employee login details to access the company's database. The company only became aware of this recently, at which point they offered a statement. However, many users complained that they first heard about this breach from the media rather than from eBay themselves, and that they continued to be very slow to inform customers directly about the breach and the implications it will have on them.