At the moment, eBay believes that no financial information was accessed. This means that any payment methods, including eBay-owned PayPal services, should be secure. Still, the company is insisting that all users change their passwords immediately to protect their accounts. This is even more important for merchants and those who have stored PayPal and credit card information in eBay to “one-click” pay for an item.
This report comes after a blog was posted to PayPal’s official website titled “eBay, Inc. Asked All eBay Users to Change Passwords.” When the blog link was clicked, the page was blank, causing further panic in eBay and PayPal users alike. Later that day, eBay posted their own version of the blog, which can be read here. The blog states that the hack happened during late February or early March. Login credentials of employees were first compromised, which is what led to the leak of user data. This went undetected until about two weeks ago.
The auction website also stated that all of the information stored on PayPal is safe as it is stored in a different location and is encrypted. However, information that was compromised on eBay’s website includes email addresses, physical addresses, phone numbers, names, usernames, and passwords. So if the username and password for your PayPal is the same as that of your eBay account, change that password immediately as well.
As of now, eBay is working with law enforcement and experts to ensure that this not only never happens again, but that financial data is even better protected after the breach.
For commonly asked questions, eBay has composed another FAQ blog located here.