
eBay Breached; Passwords Stolen. Change your eBay Passwords!

By Richard Henderson | May 21, 2014

eBay announced today that a breach of their systems has led to the loss of files containing encrypted copies of their users' passwords.

At the moment, it's not known how those passwords were encrypted. Of course, it's hoped that each password was individually salted in order to make decryption much more difficult. Other information stolen in the breach includes names, email addresses, home addresses, phone numbers and dates of birth.
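Why per-user salting matters, as an added example (it is not part of the original post and says nothing about how eBay actually stored passwords): the same constructed user list is stored once with an unsalted fast hash and once with a random salt per user plus PBKDF2. The user names, passwords and the iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Iteration count is an assumption for this example; tune it for your hardware.
PBKDF2_ITERATIONS = 600_000

def unsalted_record(password):
    """Weak scheme: fast hash, no salt. The same password always gives the same record."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password, salt=None):
    """Stronger scheme: random 16-byte salt per user and a deliberately slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_record(password, salt)
    return hmac.compare_digest(digest, expected)

def shared_password_groups(records):
    """Group users whose stored records are identical, as anyone holding the file could."""
    groups = {}
    for user, record in records.items():
        groups.setdefault(record, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

# Constructed sample users; alice and carol happen to use the same password.
USERS = {"alice": "Tr0ub4dor&3", "bob": "correct horse", "carol": "Tr0ub4dor&3"}

def demo():
    weak = {user: unsalted_record(pw) for user, pw in USERS.items()}
    strong = {user: salted_record(pw) for user, pw in USERS.items()}
    return shared_password_groups(weak), shared_password_groups(strong)

if __name__ == "__main__":
    weak_groups, strong_groups = demo()
    print("unsalted, identical records:", weak_groups)
    print("salted, identical records:  ", strong_groups)
```

With the unsalted scheme, one guess tested against the file applies to every account sharing that password; with per-user salts each record has to be attacked separately.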

eBay's payment arm, PayPal, claims to have been unaffected by the attack, and says that PayPal data is "...encrypted and stored separately, and... never share(d) with... eBay."

What we currently know about the attack is that attackers obtained a number of employee credentials between February and March that were then used to gain network access.

While technical details of the credential theft are not known at this time, it's a good bet that, like other similar penetrations in the past, employees fell for specially-crafted spearphishing emails designed to capture credentials.

Even if your eBay password cannot be decrypted, it's important to recognize that the other stolen information is still of use to attackers. You can likely expect to see phishing emails from attackers claiming to be with eBay, trying to get you to log in to a fake eBay site to capture your current password.

eBay stated they will send out an email soon requesting that you change your password. Please practise safe email/browsing habits and refrain from clicking any link provided in an email... even if you are certain the email is from eBay. Go directly to yourself and change your password. Malware authors and cybercriminals ply their trade on the fact that most people will click on a link in an email. Don't become a victim of a phishing attack.

How to Change Your eBay Password:

  1. Go to (or, .de, .ca, etc.) and log in as you normally would.
  2. In the top left corner of the page will be your name. Click on your name to bring up a drop-down menu.
  3. Select "Account Settings".
  4. Under "My Account", click "Personal Information". In the main part of the page you will see "Password". Click "Edit". You may have to log in again.
  5. The password change page will load. Enter your old password and a new, more secure password.

If you use the same password on eBay that you're using elsewhere: change that one, too. Maybe it's a good time to transition over to a password management program that will generate more secure passwords?

Finally, now that all of the mania surrounding Heartbleed has subsided, have you changed all your other passwords as well? Don't put it off; make a point of carving out an hour from your normal Netflix watching and Facebook browsing and change all your passwords.
