updated 01:29 pm EDT, Wed May 21, 2014
Account names, e-mails, encrypted passwords accessed in eBay breach
Auction site eBay has asked all its registered users to update their passwords, after a database holding account information was compromised. The breach, which took place between late February and early March, was first detected by the company just two weeks ago, with an internal investigation into what was taken resulting in today's announcement.
The number of affected accounts is unknown, though it is claimed a "small number" of compromised employee log-in credentials were to blame, allowing attackers access to the corporate network. Information accessed include the eBay customers' name, e-mail address, physical address, phone number, date of birth, and an encrypted password, though the database in question did not contain financial information or other confidential personal information.
Since its detection, eBay claims it has seen no indication of increased fraudulent account activity on the site. PayPal, the payment system owned by eBay, claims there to be no evidence of unauthorized access or compromise to personal or financial information for PayPal customers, advising its customer and financial data is encrypted and stored separately from eBay, and that it never shares financial information with merchants, including eBay.
Starting later today, eBay will be sending warning e-mails to its users, along with other notification methods, advising to change their eBay password. The company is also suggesting any user that has the same password on multiple sites to change the password there as well.