Ebay has asked all users to change their passwords due to a massive cyberattack that hit the encrypted password database. The company says that no financial data that was compromised, and there's no evidence of unauthorised user activity.
So how did something like this happen to one of the biggest websites on the planet? A website that's responsible for hundreds of billions of dollars worth of transactions every year? Well, the details remain vague, but ebay says the hackers hit "a small number of employee log-in credentials, allowing unauthorised access to eBay's corporate network." And from there they got access to countless ebay user accounts.
It's unclear if ebay knew about the security vulnerability before the attack. (Target knew about their flaw a few months ago, when a data breach affected 110 million customers, and probably made you get a new debit card.) Ebay did say that the breach happened between late February and early March, although the company only detected the breach two weeks ago. Why they waited so long to tell users that their accounts were compromised is also unclear.
But again, according to ebay's press release, nobody touched your money this time. All they got were each and every "ebay customers' name, encrypted password, email address, physical address, phone number and date of birth." Holy crap that's a lot of personal information. It's easy enough to change your password. It's a lot harder to change your name, physical address, phone number and date of birth. [Business Wire]