This week, eBay asked its 112 million users to change their passwords.
As a best practice, the Better Business Bureau is reminding consumers to change their passwords for eBay as well as on other sites.
“The same password should never be used across multiple sites or accounts,” Mechele Mills, president and chief executive officer of BBB Serving Central East Texas, said in a prepared statement. “Using different passwords on different sites and changing them often may make it difficult for the user, but it also makes it more difficult for cybercriminals.”
In February through early March, cyber attackers gained access to the eBay corporate network by compromising a small number of employee login credentials, allowing unauthorized access to eBay’s corporate network. While the compromised database included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth, the database did not contain financial information or other confidential personal information.
The company reported that it has seen no indication of increased fraudulent account activity on eBay. There also seems to be no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted. The company is currently working with law enforcement and leading security experts to further investigate the matter and protect customers.
On Thursday, BBB offered advice for what to do if notified that your information has been compromised in a data breach:
n Take any notifications of a possible data breach seriously. Most companies will set up a hotline to address concerns and answer questions.
n Change your password quickly.
n Use strong passwords. It is important that passwords are at least 10 characters and contain a mix of upper and lowercase letters, numbers, and symbols. Try to be unpredictable — don’t use your name, birth date or common words.
n Don’t use the same password on multiple sites, change passwords at least every six months and opt in for two-step verification when available.
n Beware of scammers. A widely publicized data breach such as this affords crooks the opportunity to contact you pretending to be from eBay, your bank, or credit card issuer, phishing for information.
n Never provide financial or other confidential information in response to an unsolicited email. Don’t click on links or download attachments.
For more information, go to bbb.org. To report fraudulent activity, call the BBB Hotline at 903-581-8373.