May 22, 2014 - Tyler - Earlier this week, eBay asked all of its 112 million users via email, site communications and other marketing channels to change their password. As a best practice, BBB is reminding consumers to change their passwords for eBay as well as on other sites.
In February through early March, cyber attackers gained access to the eBay corporate network by compromising a small number of employee login credentials, allowing unauthorized access to eBay's corporate network. While the compromised database included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth, the database did not contain financial information or other confidential personal information.
The company said it has seen no indication of increased fraudulent account activity on eBay. There also seems to be no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted. The company is currently working with law enforcement and leading security experts to further investigate the matter and protect customers.
“The same password should never be used across multiple sites or accounts”, said Mechele Mills, President and CEO of BBB Serving Central East Texas. “Using different passwords on different sites and changing them often may make it difficult for the user, but it also makes it more difficult for cybercriminals.”
BBB offers the following advice for what to do if you are notified that your information has been compromised in a data breach:
Take any notifications that your information may have been compromised in a data breach seriously. Most companies will set up a hotline to address concerns and answer questions.
Change your password quickly. Do not wait, when a company notifies customers of a data breach situation, it is important to take action immediately.
Use strong passwords. It is important that passwords are at least 10 characters long and contain a mix of upper and lowercase letters, numbers, and symbols. Try to be unpredictable – don’t use your name, birthdate, or common words.
Don't use the same password on multiple sites. Hackers sometimes try using stolen passwords on different websites to gain control of other accounts. Likewise, it is a best practice to change passwords at least every six months and opt in for two-step verification when available.
Beware of scammers. A widely publicized data breach such as this affords crooks the opportunity to contact you pretending to be from eBay, your bank, or credit card issuer, phishing for information.
Never provide financial or other confidential information in response to an unsolicited email. Don’t click on links or download attachments.
For more information on how to be a savvy consumer, go to bbb.org. To report fraudulent activity, please call the BBB Hotline: (903)581-8373.