eBay Inc., the well-known digital auction house where users can purchase anything from concert memorabilia to an automobile, announced on Wednesday that the company suffered a cyberattack. The attack, which occurred in late February and early March (but was first discovered 2 weeks ago), compromised a database containing encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth, according to the company’s official public statement.
eBay is urging its 150 million active users to change their passwords immediately. The company said there’s no evidence that the compromise has led to unauthorized activity on user accounts. Nor has the breach given hackers access to financial data, which is stored and encrypted on a separate database. Finally, no information used on PayPal, a subsidiary of eBay Inc. that allows for hassle-free payments online, was compromised.
The attack was first detected two weeks ago after a “small number of employee login credentials” were stolen by hackers. This initial attack gave hackers access to the company’s corporate network.
If you’re an eBay user (or if you’ve ever registered for the service), there are a few things you should do to protect yourself:
- Change your password immediately. While the stolen passwords are encrypted, they can still be exposed through decryption programs. Your password on eBay needs to be changed. Your new password should be at least 14 characters in length and use a combination of upper and lowercase letters, numbers and symbols. If you use the same password for multiple websites, be sure to change those site passwords as well. For more information on how to create strong passwords, go to www.passworday.org.
- Keep an eye out for phishing scams. User email addresses were also compromised in the breach, which means that hackers may use this opportunity to conduct phishing attacks. A phishing attack is an attempt to trick you into clicking on a malicious link, visiting a malicious website, or downloading a malicious program. Phishing attacks can usually be detected by poor grammar and English syntax in emailed messages and suspicious, unsolicited emails. eBay users should be extra suspicious of any email purporting to be from, or representing, eBay aside from the one email the company will be sending on Wednesday, May 21.
- Track your credit. When breaches like this take place, there’s always a risk of credit fraud. eBay’s compromised database contained names, phone numbers and birthdates—enough for a skilled fraudster to work with. Keep a close eye on your credit and bank statements and contest any charges you didn’t make. It’s also a good idea to watch your credit report.
- Keep an eye out for snail mail and phone fraud. Because this breach compromised physical addresses and phone numbers, hackers could also send victims snail mail in order to steal funds. They could also make phone calls claiming to represent credit agencies, eBay, your bank, etc. This cybercriminal strategy is called “social engineering” and it’s becoming increasingly pervasive. Be extra careful when someone claiming to represent a company calls you. If you can, take down their phone number and tell them you’ll call them back after you’ve directly called the company’s customer service line.
- Download comprehensive security software. To help protect yourself from phishing, make sure you have McAfee® SiteAdvisor®, which comes with McAfee LiveSafe™ service for your PC, Mac and Android devices, or you can download it for free. McAfee SiteAdvisor will not only provide a warning message if you navigate to a risky site, but will also provide site rating icons in your browser search results on your computer, to indicate if a link is safe to click or not.