eBay Announces Security Breach, Hackers Accessed Passwords, Addresses

This afternoon, eBay announced that it had been the victim of a “cyberattack” thart allowed hackers to gain access to users’ encrypted passwords, names, addresses, e-mail addresses, phone numbers and dates of birth. In light of this information, the attorneys at Morgan & Morgan are investigating whether lawsuits can be filed against the company, and want to hear from eBay users who believe their information was stolen.

“Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network,” eBay said in a press release. The company first noticed that some of its employees’ log-in information had been compromised about two weeks ago. Additional investigations revealed that the hackers had gained access to the eBay database between late February and early March 2014, prompting today’s announcement.

After conducting extensive tests on its network, eBay said that it found no evidence of PayPal users’ financial or credit card information being compromised. According to the company, this information is completely encrypted and stored in a separate, secure network.

Even though the hackers did not gain access to financial information, security experts agree that the breach could pose a risk to consumers. Trey Ford, a security strategist with Rapid7, told USA Today that hackers could use passwords to pose as administrators or company representatives.

“Users should be wary of anyone contacting them claiming to be eBay or any other company for that matter,” he said. “Expect an uptick in phishing, do not click links in emails, or discuss anything over the phone.”

The company also said that in an effort to “help enhance security,” it would be contacting users Wednesday afternoon to request that they change their passwords. Those who use the same password for other websites were instructed to change that log-in information, as well, because hackers may attempt to use the same passwords elsewhere to gain additional information.

“It’s part of a trend where criminals are going after credentials,” Avivah Litan, a security analyst for Gartner, told USA Today. “We’ve seen a big rise in the use of stolen passwords at banks. The criminals are cycling through all these passwords they’ve stolen, trying to use them.”

The company is currently working with security experts to further investigate the breach.