The eBay Hack: What You Need to Do Right Now

Hand with black glove reaches into a computer

Online shopping site eBay (EBAY) is asking its millions of users to reset their account passwords following a cyberattack on servers storing non-financial customer information, the company announced Wednesday.
The breach did not result in unauthorized financial account activity, the company said in a statement, but all consumers with eBay accounts should immediately reset passwords as a security precaution. Users will receive emails today instructing them to do so.

The compromised database contained customer names, encrypted passwords, email addresses, physical addresses, phone numbers and birthdates, so while hackers accessed no financial data, the information is valuable to potential identity thieves. eBay has more than 128 million active users, according to its website.

"The eBay breach illustrates the growing problem with identity theft, which is how ordinary folks are often the real targets of hackers who go after these big companies," said Adam Levin, chairman and co-founder of and Identity Theft 911. "No matter how safe any individual person is with their data, databases like eBay's represent a nearly irresistible source of people's personal information to hackers, rather than going after individuals one by one."

What You Need to Know

The database was breached between late February and early March, which the company discovered after it detected some compromised employee log-in credentials two weeks ago. That investigation revealed the compromised server.

PayPal, a payment processing subsidiary of eBay Inc., wasn't compromised, as PayPal information is stored on servers separate from the affected ones. Credit card and other financial information of eBay users is encrypted and also stored separately.

As with most data breaches, changing passwords is a must. If you use your eBay password to log into other sites, change those, too, and keep in mind the risk of using the same password across many platforms. Considering an email address is often your username for online accounts, the hackers with the eBay data could easily access other accounts using the same credentials or target you via an email phishing scam.

Identity theft should also be a concern among these data breach victims, because your address and date of birth can be helpful for criminals interested in committing tax fraud or opening fraudulent accounts in your name. You should check your free annual credit reports (here's how to do that), as well as monitor your online bank accounts and credit scores, because a sudden and unexpected change in credit score can be an indicator of identity theft.

You can see two of your credit scores for free every month with a account, and you can learn more about the risks of identity theft here.

Increase your money and finance knowledge from home

Economics 101

Intro to economics. But fun.

View Course »

How much house can I afford

Home buying 101, evaluating one of your most important financial decisions.

View Course »

Add a Comment

*0 / 3000 Character Maximum


Filter by:

Sometimes I agree that everyone has his/her own dream, or life aim to achieve. But through the years of life full of studying、working、etc,

May 22 2014 at 9:44 PM Report abuse rate up rate down Reply

I think E-Bay & Facebook & all similar websites need to eliminate any & ALL accounts that have been inactive for a long period of time. Folks who are deceased, folks who try a website for a short time & then abandon it without bothering to delete it, folks who forget their login passwords & then abandon their accounts in favor of starting a new account. I believe these accounts are wide open & targeted by hackers because if nobody is monitoring them then no one would be the wiser.

May 22 2014 at 9:18 AM Report abuse rate up rate down Reply

Let's see... if it's accessible online, it's not secure. How tough it that to understand?

May 21 2014 at 10:29 PM Report abuse rate up rate down Reply
Peg Mierenfeld

canceled my ebay and paypal account.

May 21 2014 at 9:41 PM Report abuse +1 rate up rate down Reply

I stopped bidding on EBay when my AMEX card number was stolen twice. I mean, I live in small town USA why would I be sending ten computers to a place in California? Or Australia? Luckily AMEX knows my habits. It's a good idea, but this happened to me years and years ago. Learned my lesson.

May 21 2014 at 9:40 PM Report abuse +1 rate up rate down Reply

I'm always reminded of the story I heard about a victim finding a hackers location. The news report said the victim took an axe to the hacker's servers doing $100's of thousands in damage. When victims get even it should make the crooks shudder in fear.

May 21 2014 at 5:19 PM Report abuse +2 rate up rate down Reply

The Trade Dealers are hacking your jobs, your past and your future.

May 21 2014 at 4:55 PM Report abuse rate up rate down Reply

Dump e-bay and all on line merchants!

May 21 2014 at 4:53 PM Report abuse +2 rate up rate down Reply

The ebay picture above uses depicts a CRT Monitor. May be you should get Dial up and slow the hackers down?

May 21 2014 at 4:44 PM Report abuse +4 rate up rate down Reply

Shame that the EBay stuff was hacked. It's gettting annoying to be changing data so often. It's bad enough when your screen and pw is not recognized by the server. When you enter the info for a change the servers on these sites don't email the new one. I dislike playing " the what happened to my sign in game.

New ebay people use to have to earn so many sales before you could have the buy now option. WIll they claim you new so you have to start all over again the buy now option when selling? Bidders are often pros looking to [psyche you out to get you to lower your rare item's price. Example: You have a unused Fender Guitar stored for 20 years plus. The guitar is one of the early Vintage Guitar shop models produced for a NAM show .after the CBS/Fender Breakup. Somebody might try to get it for a few dollars because you don't have the buy now option at the fair price ect.

May 21 2014 at 4:04 PM Report abuse +1 rate up rate down Reply