EBay was recently the target of a cyber attack which resulted in theft of a large amount of information. As a result, the company asked users to change their passwords as soon as possible since they counted among the data nabbed by hackers.
In talking with Reuters on Wednesday, spokeswoman Amanda Miller said that the passwords were all encrypted and that EBay didn’t believe that the code was broken to unscramble them. Should the hackers be able to break the code, it would open the door to using accounts to make purchases on eBay as well as gaining sensitive information.
Miller told Reuters that the hackers managed to grab a large chunk of the 145 million records they got access to. The information nabbed included credit card numbers, date of births, and mailing and email addresses. EBay has brought in FireEye Inc.’s Mandiant to assist in investigations. Mandiant is known bringing the Peoples Liberation Army hacking group to public attention back in early 2013.
EBay said that the hackers managed to breach security by getting the passwords for employees. With these credentials, they were able to move about the retailer’s network. The breach was found in earlier this month.
There were questions as to why eBay didn’t send direct notices to users, but the company did post a notice about the attack on the main site. The notice has since been removed and the site is back to its usual retail updates.
As expected in cyber attacks, it’s suggested that eBay users change their passwords. While particular words and/or number combinations will be easier to remember, a longer, somewhat complex password is preferred. It’s also suggested that users not use the same password across different sites. Most sites will tell you about the strength of your password and will have a minimum threshold on characters.
If you fear that you’ll forget your new password—it’s likely—make sure to select “Yes” when your browser prompts you to save the password and save it elsewhere so that you can find it.