Notifications

EBay 'cyberattack' prompts password change warning

E-commerce giant eBay Inc. is asking customers to change their passwords after a recent hack that the company says exposed customer names and passwords, but didn't manage to steal any financial information.

Company says no finanial information was stolen, but warns customers to change passwords

When eBay announced it had been hacked and personal info was compromised, the advice for shoppers remained the same: change your password 3:05

E-commerce giant eBay Inc. is asking customers to change their passwords after a recent hack that the company says exposed customer names and passwords, but didn't manage to steal any financial information.

The company says the attack happened between February and March when hackers accessed a database containing customer names, encrypted passwords, email addresses, birth dates, physical addresses and phone numbers.

"Beginning later today [Wednesday] it will be asking eBay users to change their passwords because of a cyberattack," eBay said in a statement.

"The compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today."

PayPal not affected

The company says it has found no evidence of any unauthorized access to financial or credit card information, or any fraudulent sales activity connected to the breach.

EBay says it has an "active investigation" into the matter and is working with law authorities, and as such can't comment on the number of customer accounts affected. For now, it is urging all customers to change their passwords as a precaution.

The company also owns electronic payment service PayPal, but eBay says there is no evidence PayPal information was hacked, since that information is stored separately on a secure network.

The breach comes on the heels of several high-profile online security scandals at other companies, including Target, which exposed the customer data for 70 million people last fall. And in March, a worldwide web bug known as Heartbleed left as many half a million websites vulnerable to being hacked because of a flaw in a commonly used source code known as Open SSL.

Ken Owen, a cybersecurity expert at McMaster University in Hamilton, Ont., says eBay's just the lastest victim of a round of cyberattacks that are likely to become more and more common. 

"It's better to take it on the chin and let people know that there's a problem than to try and disguise it," he says. "Every aspect of your business is tied to information technology now … so, you're always vulnerable in that sense."

"You have to stay on top of this all the time," he says.

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.