Hackers breached eBay’s defenses by breaking into employee accounts that allowed allowed them access to eBay’s corporate network, the company disclosed Wednesday. From there, the hackers stole information from an unspecified number of users.
The attackers gained encrypted passwords and other non-financial data, but eBay says they found no evidence of unauthorized access to eBay accounts, credit cards or financial information.
Still, eBay recommends that all users change their login credentials as soon as possible. If you use the same username and password across different websites, it would be smart to change them all and vary them as much as possible to avoid collateral damage.
“Extensive forensic research has shown no evidence of unauthorized access or compromise to personal or financial information for PayPal customers," a spokesperson for PayPal, an eBay subsidiary, told EcommerceBytes after the attack. “PayPal customer and financial data is encrypted and stored separately.”
EBay is currently working with police and forensic security experts to investigate the breach.