From Daily Mail, May 21, 2014:
The eBay database was hacked between late February and early March, giving the hackers access to encrypted passwords and other non-financial data, including eBay customers’ name, encrypted password, email address, home address, phone number and date of birth.
However, eBay says the database did not contain financial information or other confidential personal data.
Cyber attackers accessed the information after obtaining ‘a small number of employee login credentials’.
eBay says it had no evidence of there being unauthorized activity on its members’ accounts. But security experts are warning hackers could still use personal details to commit identity fraud.
eBay became aware of the hack 2 weeks ago but is still unsure exactly how it happened. It is unclear why it has taken eBay so long to make users aware of breach.
The company said it is encouraging any eBay user who used the same password on other sites to change those passwords too.
However, although changing passwords will restrict access to the site, the hackers could still use the stolen information to commit identity fraud.
“That is a serious concern,” Graham Cluely from security firm Sophos told MailOnline. “Obviously they’ve got hold of names, addresses and date of births. All of this can be used to commit identity fraud. What we don’t know at the moment is how strongly eBay has encrypted its passwords and that could be a key issue. If they have your password, and you have the same password for other websites, hackers could access your email, your Amazon account and who knows what else.”
Read more, here.