Who We Are

What We Do

Resources

Geoff Greenwood, Communications Director
515-281-6699, geoff.greenwood@iowa.gov
FOR IMMEDIATE RELEASE, May 21, 2014

Consumer Alert: Miller Urges eBay Users to
Change Passwords

E-commerce company discloses data breach
of passwords & non-financial customer data

(DES MOINES, Iowa)  Attorney General Tom Miller urged eBay users to change their passwords after the e-commerce company reported that criminal hackers infiltrated its system and compromised non-financial customer data, including passwords.

According to an eBay Inc. statement, the “cyberattack” took place between late February and early March.  The breach compromised eBay customers’ names, passwords, dates of birth, email addresses, physical addresses, and phone numbers.

The company has found “no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats,” according to the statement.

A similar statement issued by PayPal, eBay’s online pay service, indicated there is “no evidence of unauthorized access or compromise to personal or financial information for PayPal customers.”

Miller urges eBay customers to change their eBay passwords, and those who use the same password to access other sites, including PayPal, to change those as well.

“It’s likely that many consumers use the same password for several online accounts, including websites that allow access to money and credit cards,” Miller said.  “If that’s the case,” Miller added, “it’s possible that someone could use passwords they stole from eBay on another site that allows access to bank or credit card accounts.  Don’t chance it—change those passwords.”

Miller noted that using the same password for more than one account causes greater risk to the user when the password is exposed or stolen.

Miller also urged consumers to prepare for the possibility that scammers may try to take advantage of the situation through emails that purport to come from eBay and seek to “verify” user names and passwords.  These types of emails, called phishing attempts, often require the recipient to click on a link.  The link could direct users to a “spoofed” or look-alike site where criminals collect user information, or could even result in exposing the user’s computer or device to malware.

Users should not click on those links and should not provide sensitive information based on an inbound email.  Rather, users should access eBay directly through their browser and manage their account through the company website.

###