EBay is today asking all its users to change their passwords after a cyberattack compromised users’ passwords and other non-financial data.
Here’s what eBay said about the attack.
The incident could have been a lot worse if financial data was kept together with passwords and personal customer information and had been exposed, Lysa Myers, a security researcher at digital protection company, ESET said.
“However, because the database also included eBay users’ name, email address, physical address, phone number and date of birth, this breach does open up the possibility for other types of scams such as phishing attempts,” she said.
Myers warned eBay users to be on high-alert, looking out for suspect messages and avoid clicking on links email.
“Whenever in doubt, go directly to the site by typing its URL into the browser rather than by following links in emails,” she said.
EBay said the hack was the result of a small number of employee log-in credential compromises, something Myers said could indicate the company doesn’t require its staff to use multiple tears of identification.
“This could imply that eBay is not requiring its own employees to use multiple factors of authentication in order to access sensitive customer data. This is both worrying and unfortunately not an uncommon scenario for many organisations,” she said.
“Companies should be setting permissions within the organisation to only those things a user must access in order to do his or her job.”
For eBay users, Myers said now would be a good time to ensure your account is protected by a strong, unique password.
“If you have not yet started using a password manager, this could be a good time, as they can be very helpful in creating and maintaining strong passwords for each online account you use.”
NOW WATCH: Tech Insider videos
Business Insider Emails & Alerts
Site highlights each day to your inbox.