eBay officials stated that the database contained encrypted passwords and other non-financial data. However, it was added that confidential personal information was also compromised. According to the report the database, which was originally compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information.
After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.
How to change your eBay passwordAfter a bit of criticism over the difficulties users faced with finding the right page to change their passwords eBay has simplified the process a bit. However, changing your password still requires a bit more work than most sites. For starters you need to find the right page, located here. Then the company requires a two step process. First they'll either send you a text, phone call or email.
Assuming you selected the email option, eBay sends you a Reset Your Password message. Click the link in the email. That link brings you to a page where you can enter your new eBay password. If you picked the text option instead, eBay displays a form to enter a PIN and texts you that PIN. Type the PIN in the appropriate field on that form, and the page to enter your new password appears.
Why Changing Your eBay Password Still Isn't EnoughGiven the personal information acquired by the breach, changing your eBay password alone isn't good enough. As with most data breaches we see attackers will use that personal information to the fullest extent. So we are likely to see several phishing attempts based on the attack along side several targeted, or 'spearphishing' attacks.
It’s not that difficult for would be attackers to put together a seemingly legitimate email that appears to come from a legitimate business — maybe it won’t be from eBay, but scammers will contact you and impersonate a person or companies you trust as a way of getting you to click on malicious links and share information they can use to commit financial fraud. Given this added threat is extremely important to stay vigilant. Don't blindly open emails and click links. Double check site credentials and make sure they are secured sites before entering any passwords.
Source: eBay Press Release