eBay will begin the process of asking its entire user base to change their passwords due to hackers gaining access to a database containing encrypted passwords and other non-financial data.
The company detailed the decision in an announcement today, adding that while there was “no evidence of the compromise resulting in unauthorized activity for eBay users”, it’s “best practice” to request that all users change their passwords.
eBay confirmed that credit card information is stored separately in encrypted formats, and as such wasn’t revealed during the intrusion.
“Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers,” the company said.
As it turns out, the breach occurred between late February and early March, and left customers’ names, encrypted passwords, email addresses, their physical address, phone number and date of birth exposed.
The attackers managed to gain access to the server holding the information by compromising “a small number” of employee log-ins, which then allowed access to eBay’s corporate network.
eBay reassured that it has seen “no evidence of unauthorized access or compromises to personal or financial information for PayPal users” either.
Starting today, it’ll start telling customers to reset their passwords via email, on-site messages and other channels, but there’s really no time like the present.