E-commerce marketplace eBay has asked its users world over to change their password following a breach of its system. The service is now blocking users in India while making purchases and forcing them to change passwords as a “precautionary measure” following the attack. It also has a big warning on its homepage asking shoppers and merchants to reset the password.
The attackers compromised log-in credentials of a small number of employee, to gain unauthorized access to eBay’s corporate network.
Devin Wenig, President, eBay Marketplaces said in a statement that the attack occurred between late February and early March. “It resulted in unauthorized access to a database of eBay users that includes customers’ name, encrypted password, email address, physical address, phone number and date of birth,” the statement read. However, the database did not contain the financial information of its 145 million users. eBay says that it has no evidence to believe that the attack affected PayPal accounts or any financial information. Those details are encrypted and stored on a separate secure network.
An eBay spokesperson told MediaNama that the company has started forcing eBay users and merchants to change passwords, instead of just sending out an email warning about the breach. It has launched an investigation into the issue, but till now there hasn’t been any fraudulent use of the data. The company has also requested users to reset password on any other site where they may have used the same password.