On Wednesday, May 21st, eBay revealed that it had experienced a cyber-attack that compromised a database containing encrypted passwords and other non-financial data between late February and early March 2014.
According to ebayinc.com, “Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network.” The compromised database included 145 million eBay users’ name, password, email address, home address, phone number, and birthdate.
What should eBay users do?
eBay is urging all users to change their passwords even though there is currently no evidence of unauthorized access to financial or credit card information. Make sure that you change your password on the email address that is connected to eBay as well. Avoid using the same password for both eBay and your email account.
When changing your password, avoid using commonly guessed names or numbers (birthdays, addresses, phone numbers, words in the dictionary, etc.) for your password. Try using passphrases, which are a string of characters longer than a normal password that include capitalization, punctuation, special characters, and numbers (i.e. i%HEART<3HBT1904).
Be Aware of Phishing Emails or Phone Calls
Unfortunately, with large data breaches like these, hackers take advantage of the news coverage and attempt to contact you with phishing emails or phone calls with the goal of scamming you out of money. Be cautious of unsolicited emails and phone calls from people asking for banking information or other non-public information like Social Security Numbers and help protect yourself with these tips:
- Always perform due diligence when sending sensitive information over the Internet and make sure the website you’re using is legitimate and has adequate security measures.
- Always pay attention to the URL of a website. Malicious websites may look legitimate, but the URL may be misspelled, or have a different domain ending in .net versus .com, etc.
- If you receive an email saying your account will be discontinued unless you confirm personal information, do not reply or click any links in the email.
- Be cautious about opening any attachment or downloading any files from emails you receive regardless of who sent them.
- If you unknowingly supplied personal or financial information, contact your bank and credit card company immediately.
- Check for anti-phishing features offered by your email client and web browser.
For more up-to-date information about the eBay compromise, please visit ebayinc.com.