The eBay data breach: How to protect your account

In the aftermath of a recent breach that infiltrated a database containing user IDs, passwords, and other personal information, eBay has sent an email to customers urging them to change their passwords.

So far, there is no evidence of any fraudulent activity, and credit card numbers are encrypted and stored in a separate database. Notwithstanding, you should immediately take action to safeguard your account if you are an eBay user.

Here’s a list of four things you can do right now to protect yourself:

1. Change Your Password
eBay allows you to use up to 20 characters in your password, which can be comprised of any combination of lower and uppercase letters, numbers, and special characters. I suggest you use a computerized password generator (such as the one that is included in a password manager like LastPass) to generate a new 20 character password that uses all of these elements.

2. If you used your eBay user ID or password for other online accounts, immediately change your login information at those Web sites as well.
Crackers often attempt to use stolen login information at several sites. This is why it’s risky to reuse the same login credentials at multiple Web sites.

3. Do not confirm or provide personal information in response to any email or text message which claims to be from eBay, and NEVER click on any links contained in these messages.
Just this morning, I received a fraudulent email from a party claiming to be eBay which included a link which I was told I could use to change my password. After just a few seconds of research, I learned that if I clicked on the link I would be connected to a server in the Ukraine that was masquerading as eBay. So, when you follow the instructions above to change your eBay login credentials, be sure to manually type “www.ebay.com” into your browser yourself.

4. Review Your Bank and Credit Card Statements Frequently
If you notice any charges that you don’t recognize, contact the fraud department at your bank or card issuer immediately.

Unfortunately, since eBay’s entire user database was compromised, the database infiltration may be just the tip of the iceberg. The attackers obtained the user IDs, passwords, email addresses, phone numbers, and physical addresses of 145 million eBay customers. This means that eBay users are now easy targets for identity theft and phishing attacks. So, it’s probably a good idea to keep an eye on your credit report for any bogus new accounts and beware of any suspicious emails or phone calls that you receive which ask for additional personal information.

As always, feel free to contact me if you you have any questions.

Facebooktwittergoogle_pluspinterestlinkedintumblrmail  rss