On Wednesday, Ebay will ask all users to change their passwords due to a massive cyberattack that hit the encrypted password database. The company says that no financial data that was compromised, and there's no evidence of unauthorized user activity. Either way, you can change your Ebay password right here.
So how did something like this happen to one of the biggest websites on the planet? A website that's responsible for hundreds of billions of dollars worth of transactions every year? Well, the details remain vague, but Ebay says the hackers hit "a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network." And from there, they got access to countless Ebay user accounts.
It's unclear if Ebay knew about the security vulnerability before the attack. (Target knew about their flaw a few months ago, when a data breach affected 110 million customers, and probably made you get a new debit card.) Ebay did say that the breach happened between late February and early March, though the company only detected the breach two weeks ago. Why they waited so long to tell users that their accounts were compromised is also unclear.
But again, according to Ebay's press release, nobody touched your money this time. All they got were each and every "eBay customers' name, encrypted password, email address, physical address, phone number and date of birth." Holy crap that's a lot of personal information. It's easy enough to change your password. It's a lot harder to change your name, physical address, phone number, and date of birth. [Ebay]
Note: As far as we know, the breach did not affect PayPal. You should still change your PayPal password, though, because why the heck not? Your money is in there, and you should keep it safe.