Watch above: Robin Gill reports on what the eBay hackers got access to and how it could affect you.
TORONTO – E-commerce website eBay is asking all users to change their account passwords after a cyberattack compromised its database containing encrypted passwords.
In a statement released Wednesday, the company said there appears to be no unauthorized activity on customer’s accounts and there is no evidence that financial or credit card information was stolen.
The company, who owns electronic payment service PayPal, added that there has been no evidence of unauthorized access to PayPal accounts. PayPal data is stored on a separate secure network where all financial information is encrypted, according to eBay.
“Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers,” read the statement.
“We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.”
Because the investigation into the attack is ongoing, eBay said it cannot comment on the number of accounts that have been affected by the breach, but said the number could be large.
The hack took place between late February and early March, but compromised employee log-in credentials weren’t detected two weeks ago. Further investigation revealed the compromised database, which contained customers’ email addresses, encrypted passwords, home addresses, phone numbers and date of birth.
EBay is encouraging users to change their passwords as soon as possible.
Users should also change the password to any accounts that used the same password as their eBay account for good measure.
Tips for creating a more secure password
Most cyber security experts recommend using passwords that are up to ten characters in length, with a mix of upper- and lower-case letters and numbers. These types of passwords are proven to be more secure – despite being hard to remember.
One tip is to construct a password from a sentence, mix in a few upper case letters and a number – for example, “There is no place like home,” would become “tiNOplh62.”
READ MORE: How to create a more secure password
Numbers included in a password should never be something easy to guess based on the user. That means your age, the current year, or your address are not good choices.
Similarly, the longer the password the better.
Another way to ensure better security on your online account is to enable two-step authentication on sites that allow it. Many websites allow users to set their accounts so that a text message containing a secondary login code is sent to their phone every time they log in to their account.