Security breaches at major web sites appear to happen with alarming regularity these days, and another key site has fallen: eBay suffered an attack last week that led to its entire user database being compromised. eBay lost control of data that contained usernames, contact information, and even encrypted passwords.
If you haven't actually visited eBay in the last few days, you might not know about this hack. Several days after the breach, eBay had yet to notify users by email, and some users were quite upset about the silence, taking to sites like Twitter to complain. As of today, there is a notice on the eBay home page about the hack, but many users still haven't been notified by email.
Whether or not you have been officially warned about the hack, you should change your password immediately. Since eBay doesn't make it especially easy to find your password settings, here is how to find the settings:
- Click My eBay (which you'll find in the upper right corner of the page).
- If necessary, sign into eBay when promoted.
- On the My eBay: Summary page, hover over the Account tab and choose Personal Information.
- Click Edit next to the Password link.
From here, you can choose how you want to reset your password -- via email, text, or phone call.
All of the usual rules should apply; create a strong password that is not easily cracked. The password should be at least 8 characters long, include upper and lowercase characters, numbers, and at least one special character.
Once you've accomplished that, you've done the bare minimum to protect yourself. But don't stop there. Do you ever "reuse" passwords at multiple web sites? If you used the same password on eBay and any other sites, you should immediately change the password on those sites as well. That's because hackers could try accessing other sites and services with your email address and eBay password.
And this is a good opportunity to begin using a password manager -- not only can a password manager ensure that you don't repeat passwords across multiple web sites, but they can advise you when data breaches like this occur. For example, many people found out about the eBay hack not from eBay itself, but from password managers like Dashlane, which displayed a warning to its users as a sort of public service announcement to change their eBay password the day after the hack.
Unfortunately, for eBay customers, the worst might yet be to come. Even changing passwords and starting to use a password manager can't change the fact that hackers have made off with the complete user database, including real-world contact information, including phone numbers, mailing addresses, email, and more. That makes eBay customers ripe for phishing attacks and identity theft. Be on guard for unusual communication and keep an eye out for attempts to capitalize on this stolen personal information.