An eBay hack has left the online auction site asking all of its registered users to change their password, after its databases were compromised and encrypted login details stolen. Investigation of the hack, eBay says, shows no signs that credit card or other financial information was obtained, but instead a broad selection of personal data including physical address and phone number.
The database also contained the customer’s name, their email address, and phone number, as well as their password in encrypted format.
Financial information, along with credit card details, are kept separately on a different server, however, and eBay says that its own investigations following the hack – which is believed to have happened in late February or early March – show no signs that these have been tampered with. Meanwhile, PayPal information is also believed to be safe.
“PayPal data is stored separately on a secure network,” eBay said today in a statement, “and all PayPal financial information is encrypted.”
eBay will be notifying all registered users to change their passwords today, and points out that if you used the same login on other sites and services, those should be changed too.
Exactly how the hack took place is unclear at this stage. eBay is working with investigators to figure that out, though says that fraud levels on the auction site haven’t increased since the data was taken.
However, the extra personal information in the wild could lead to more phishing attempts, and users would be well to be wary of any unsolicited mail – physical or electronic – and who they’re asked to share payment or other personal details with.