Earlier today, eBay announced it had been the victim of a cyberattack where some encrypted non-fiancial information had been put at risk.
As a precaution eBay also announced that all users should change their passwords.
eBay have published a great deal more information about the cyberattack since then including more detailed info on what to do about it, some frequently asked questions and specific information for sellers.
There are a few things that leap out. Firstly, the cyberattack occurred maybe as long ago as February, which is quite astonishing. Have they been sitting on it since then or have they only just twigged? Either explanation is far from ideal
Next, the PayPal systems were not compromised but that is not necessarily that comforting because I bet that plenty of eBay users use the same passwords on both eBay and PayPal and likely other sites.
Third, eBay is going to force everyone to change their passwords and that’s going to cause some disruption. eBay has put together some specific info for sellers to address the concerns there. See below.
But the the issue at stake is confidence and a lot of that depends on how much you trust eBay. Personally, I take them at their word on this one and at least salute the fact they have gone public despite the possible flak. But this is going to scare some people away, probably buyers.
Even if it was possible to sweep it under the carpet, which I suspect it wasn’t, tackling the issue head-on and proactively is the decent thing to do.
Doubless the tech community will debate what’s what and why extensively but in the meantime it’s an opportunity to reasses your password practices for the better. And that’s no bad thing.