eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking
eBay users to change their passwords because of a cyberattack that
compromised a database containing encrypted passwords and other
non-financial data. After conducting extensive tests on its networks,
the company said it has no evidence of the compromise resulting in
unauthorized activity for eBay users, and no evidence of any
unauthorized access to financial or credit card information, which is
stored separately in encrypted formats. However, changing passwords is a
best practice and will help enhance security for eBay users.
Information security and customer data protection are of paramount
importance to eBay Inc., and eBay regrets any inconvenience or concern
that this password reset may cause our customers. We know our customers
trust us with their information, and we take seriously our commitment to
maintaining a safe, secure and trusted global marketplace.
Cyberattackers compromised a small number of employee log-in
credentials, allowing unauthorized access to eBay's corporate network,
the company said. Working with law enforcement and leading security
experts, the company is aggressively investigating the matter and
applying the best forensics tools and practices to protect customers.
The database, which was compromised between late February and early
March, included eBay customers’ name, encrypted password, email address,
physical address, phone number and date of birth. However,
the database did not contain financial information or other confidential
personal information. The company said that the compromised employee
log-in credentials were first detected about two weeks ago. Extensive
forensics subsequently identified the compromised eBay database,
resulting in the company’s announcement today.
The company said it has seen no indication of increased fraudulent
account activity on eBay. The company also said it has no evidence of
unauthorized access or compromises to personal or financial information
for PayPal users. PayPal data is stored separately on a secure network,
and all PayPal financial information is encrypted.
Beginning later today, eBay users will be notified via email, site
communications and other marketing channels to change their password. In
addition to asking users to change their eBay password, the company said
it also is encouraging any eBay user who utilized the same password on
other sites to change those passwords, too. The same password should
never be used across multiple sites or accounts.
About eBay Inc.
eBay Inc. (NASDAQ: EBAY) is a global commerce and payments leader,
providing a robust platform where merchants of all sizes can compete and
win. Founded in 1995 in San Jose, Calif., eBay Inc. connects millions of
buyers and sellers and enabled $205 billion* of commerce volume in 2013.
We do so through eBay, one of the world's largest online marketplaces,
which allows users to buy and sell in nearly every country on earth;
through PayPal, which enables individuals and businesses to securely,
easily and quickly send and receive digital payments; and through eBay
Enterprise, which enables omnichannel commerce, multichannel retailing
and digital marketing for global enterprises in the U.S. and
internationally. We also reach millions through specialized marketplaces
such as StubHub, the world's largest ticket marketplace, and eBay
classifieds sites, which together have a presence in more than 1,000
cities around the world. For more information about the company and its
global portfolio of online brands, visit www.ebayinc.com.
* This adjusted number reflects decision to remove vehicles and real
estate GMV from ongoing total GMV and ECV metrics (previously stated ECV
for 2013 was $212 billion, incorporating vehicles and real estate GMV).
Copyright Business Wire 2014