Change your eBay passwords now!

Popular international e-commerce platform, eBay, recently fell victim to a significant cyber-attack, resulting in a security breach of its database containing encrypted user passwords. Amidst reassurances that no unauthorized access to financial data occurred, eBay still strongly encourages users to change their passwords as a preventative step.

eBay made an official statement to CNET, claiming a breach in its password-secured user database. The company’s representatives underlined that users’ financial data remained safe.

A somewhat puzzling blog post momentarily appeared on the PayPal website— a subsidiary of eBay— entitled ‘eBay, Inc. to Ask All eBay Users to Change Passwords’. Despite the post’s lack of details, it swiftly made the rounds on social media before its sudden removal. A follow-up post from eBay offering a clear explanation of the cyber-attack was promptly put up.

The incident negatively impacted eBay’s stock, with shares dropping by 1.73 percent or 90 cents, to a price of $51.06.

However, comprehensive network testing allowed eBay to confidently guarantee its users that their sensitive financial data, secured in a separate encrypted database, had not been affected. Encouragingly, eBay continually calls for users to change their passwords as a safety measure.

Such incidents underscore the ever-increasing cyber threats and risks, such as the infamous Heartbleed, underlining the importance of robust web security measures. The growing prevalence of high-profile companies succumbing to hacking and data breaches highlights this necessity.

The cyber-attack against eBay originated from compromised employee login credentials, giving cybercriminals access to user data including names, encrypted passwords, email and physical addresses, phone numbers, and birth dates.

eBay discovered the attack, which took place from late February to early March, recently, leading to a detailed forensic investigation to evaluate the extent and impact of the data breach.

Concerns persist that the magnitude of this cyber-attack on eBay might equate to the infamous Target data breach, which jeopardized the personal information of 110 million customers.

With a global user base of 128 million active users, eBay’s response strategy involves urging each user to reset their password. The precise number of affected users remains unknown.

eBay continued to reassure users about the security of their financial information and stated that the data of PayPal customers, secured separately within an encrypted network, remained unaffected by the breach.

Starting from Wednesday, eBay embarked on a widespread communication campaign, leveraging emails, site updates, and other channels, pressing users to modify their passwords and bolster security measures for other accounts with similar credentials.

Updated in 2025 to align with recent developments.