eBay makes users change their passwords after hack


Online marketplace eBay is forcing users to change their passwords after a cyber-attack compromised its systems.

The US firm said a database had been hacked between late February and early March, and had contained encrypted passwords and other non-financial data.

The company added that it had no evidence of there being unauthorised activity on its members' accounts.

However, it said that changing the passwords was "best practice and will help enhance security for eBay users".

The California-based company has 128 million active users and accounted for $212bn (£126bn) worth of commerce on its various marketplaces and other services in 2013.

It said it would be contacting users to alert them of the issue via email, its website, adverts and social media.

A spokesman added that the firm's engineers were in the process of rolling out a feature that would oblige members to choose new passwords when they next logged in, which should be live in each of the countries eBay operated in by the end of the day.


Stolen credentials

A post on eBay's corporate site said that cyber-attackers accessed the information after obtaining "a small number of employee log-in credentials", allowing them to access its systems - something it only became aware of a fortnight ago.

"The database... included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth," it said.

"However, the database did not contain financial information or other confidential personal information.

"Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today."

Although the firm also owns the PayPal money transfer service, it said that the division's data was stored separately, encrypted and that there was no evidence that it had been accessed.

It added that any members who used their eBay login details on other sites should also update them.

EBay has not provided any information about the kind of encryption it used.

One expert said there was still a concern that the hackers might be able to make use of their haul.

"We all know that given enough time hackers can crack some encrypted password files," said Alan Woodward, an independent security consultant.

"The slightly worrying aspect of this is that the hackers have a nice neat list of personal information, which can be used to steal identities or even help them get around other systems through password reset scams."

Password Tips

Security expert Alan Woodward offers this advice:

  • Don't choose one obviously associated with you: Hackers can find out a lot about you from social media so if they are targeting you specifically and you choose, say, your pet's name you're in trouble.
  • Choose words that don't appear in a dictionary: Hackers can precalculate the encrypted forms of whole dictionaries and easily reverse engineer your password.
  • Use a mixture of unusual characters: You can use a word or phrase that you can easily remember but where characters are substituted, eg, Myd0gha2B1g3ars!
  • Have different passwords for different sites and systems: If hackers compromise one system you do not want them having the key to unlock all your other accounts.
  • Keep them safely: With multiple passwords it is tempting to write them down and carry them around with you. Better to use some form of secure password vault on your phone.
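
The dictionary-precalculation tip above, as an added example that is not part of the original article: it contrasts a fast unsalted digest, which one precomputed table can reverse for every leaked record, with a per-user salt and a slow key-derivation function. The wordlist, the two storage schemes (SHA-256 and PBKDF2) and all function names are assumptions chosen for illustration; the article states that eBay did not disclose how its passwords were protected.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for "a whole dictionary".
WORDLIST = ["password", "sunshine", "dragon", "letmein", "rover"]

def unsalted_hash(password):
    """Fast, unsalted digest: the same password always stores the same value."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(words):
    """Computed once (digest -> word), then reusable against any leaked record."""
    return {unsalted_hash(w): w for w in words}

def salted_hash(password, salt, iterations=100_000):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def new_record(password):
    """What a site would store per user under the salted scheme."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": salted_hash(password, salt)}

def verify(record, candidate):
    """Login check: recompute with the stored salt, compare in constant time."""
    return hmac.compare_digest(record["hash"], salted_hash(candidate, record["salt"]))

def table_hits(table, stored_values):
    """Passwords that a precomputed table recovers from stored hash values."""
    return [table[v] for v in stored_values if v in table]

def demo():
    table = build_lookup_table(WORDLIST)
    # Constructed records: a pet's name, and the substituted phrase from the tips.
    unsalted_db = [unsalted_hash("rover"), unsalted_hash("Myd0gha2B1g3ars!")]
    # Two users who happen to pick the same weak password.
    salted_db = [new_record("rover"), new_record("rover")]
    return {
        "unsalted_hits": table_hits(table, unsalted_db),
        "salted_hits": table_hits(table, [r["hash"].hex() for r in salted_db]),
        "same_password_same_hash": salted_db[0]["hash"] == salted_db[1]["hash"],
        "login_ok": verify(salted_db[0], "rover"),
    }

if __name__ == "__main__":
    print(demo())
```

Salting removes the benefit of precomputation but does not make a dictionary word safe: each record can still be guessed individually, which is why the slow KDF and the tip about avoiding dictionary words both matter.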

  • Comment number 347.

    80 guttersnipe,
    as long as eBay got their cut I'm sure they'd be glad to let the hacker sell the passwords and personal information. They could sell them back to the owners on their main site and to organized crime syndicates on their shadow site. Ci-ching.

  • Comment number 346.

    @339 - Frank, yes, I read the frequent change, and again, with it being a viable option and good common practice, this still is nothing to do with the fact their DATABASE was cracked. This means regardless of any current changes they have the latest version. Thankfully I use a different password for absolutely everything I use so it's not an issue; however, eBay and PayPal have been full of flaws for years.

  • Comment number 345.

    Brilliant, I've just got an email from ebay telling me that I can link my Nectar account with my ebay account if I sign in online which will obviously give the hackers my passwords and bank details.

    Aye right...............

    Ebay also control Paypal so we are all done already since when you log in, they will be able to see your details!!

    Back to the good old cheque..............

  • Comment number 344.

    No names here, but some systems are picky about the characters they accept. I try to add punctuation marks. Some sites can reject them. My old ADSL modem won't accept my new ISP password, but luckily I took the chance to get a new box.

    I do keep a written list, kept safely at home. How much do you want to rely on your computer never breaking?

  • Comment number 343.

    I looked in the mirror yesterday morning and - darn it! - I forgot my password. My wife couldn't help me - she's forgotten hers too. Now neither of us can actually see ourselves. Good job we still see each other - no passwords needed there. She always knows what I'm up to, and I know that. It's something to do with trust and a lot to do with love. Maybe that's something you can't hack into.

