The list of big companies that has been hacked by cybercriminals continues to grow, and eBay is the latest addition.
The online auction website announced in May 2014 that a database containing encrypted passwords and other non-financial data was infiltrated by hackers sometime between late February and early March of the same year.
But the cybercriminals may not be able to count this data breach as a total win. While they were able to penetrate eBay’s database of passwords and other personal account information, they were not able to break into its database of financial information, according to the company.
“Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network,” the company wrote in a release.
The compromised eBay database included customers’ names, encrypted passwords, email and postal addresses, phone numbers, and dates of birth. But financial details, such as debit and credit card numbers, and any personal or financial information for PayPal users, were not compromised.
It was likely not for a lack of trying, says Chadd Carr, cyberthreat intelligence expert at C4Cyber, a Gainesville, Virginia-based network security company.
“Like many, eBay uses a segmented framework, essentially compartmentalizing data types as a matter of containment in the event of a breach,” he says. “Subscriber financial data is stored separately from subscriber account information.”
However, while your credit card information may be safe from cybercriminals for now, you still may not completely avoid trouble. According to Carr, cybercriminals can use the type of information that was stolen in the eBay breach to launch mass phishing attacks in an effort to solicit further personal information. If they are able to obtain your Social Security number, credit card information, or other data, your financial life could be at risk.
If you are an eBay user, consider these five tips to help you stay vigilant and protect your personal information:
1. Change your username and password on your eBay account and on any other accounts sharing that username or password. Hackers commonly run lists of usernames and passwords through some automated scripts when attempting to access bank accounts, Carr says. This means if you share your eBay username with your online bank account, for example, your finances could be vulnerable.
The Federal Trade Commission (FTC) suggests being unpredictable with your passwords. Steer clear of words that could easily be guessed, such as your name and date of birth, and use at least 10 characters in all passwords.
2. Be cautious when asked to share your personal information. Do not hand out personal information to someone you don’t know who is soliciting it over email, a text message, social media, or a phone call. The FTC says that legitimate companies won’t ask for bank or credit card information, Social Security numbers, passwords, or other sensitive details through unsecured channels.
Those who bid frequently on eBay should be especially vigilant of related scams.
“A common scam is to target sport memorabilia enthusiasts in an effort to make side deals,” Carr says.
With users’ stolen email addresses, cybercriminals could monitor high-volume bids and email the top bidders, telling them the winner backed out and asking if they are still interested in the item. The victims, assuming the inquiry is authentic, may agree to send a check for an item that never comes.
3. Lock down your social media profiles to friends only.
“Email addresses, mailing addresses, and phone numbers are the foundation of identity theft,” Carr says.
Social media profiles frequently make at least one of these pieces of information easily searchable, and typically they attach it to your real name. Protect yourself by making your profile private and the security settings more restrictive.
4. Check your bank accounts often. Look for any charges you don’t recognize, flag them, and contact your bank immediately. Regardless of whether your information has been compromised, this should be part of anyone’s financial routine.
5. Check your credit report. Because the eBay theft involved personal information rather than financial information, it’s actually more likely that you’ll catch an identity thief through your credit report than your bank account. You are entitled to one free credit report from each of the three national credit bureaus every 12 months at AnnualCreditReport.com. If you’d like more regular access, consider a credit monitoring product.