eBay are asking customers to change passwords after their systems were compromised. To date there is no evidence of illegal or suspicious activity on members accounts however it said that password changes are best practice to increase security for its users. eBay engineers are currently rolling out a feature that asks customers to change their passwords when they log in to their account. This feature should go live worldwide on 22nd May 2014.The cyber attackers obtained customer names, postal addresses, email addresses, contact numbers, birth dates and passwords. eBay explained that more sensitive information such as credit card information is stored in a separate database which has not been compromised. The breach was actually discovered around two weeks ago from an attack that took place in February 2014, which raises the question, how long have customer accounts been exposed and why has it taken them so long to report the issue.
The attack is thought to have arisen when a number of eBay employee's network credentials were compromised. eBay are working with law enforcement agencies and consultants to catch the culprits.