New York's attorney general has asked eBay to provide free credit monitoring for all its 145 million users, Reuters has reported.
A cyber security expert has given this step by step guide on what to do after the eBay attack.
Step 1: Password change
– Immediately change your password. See Ntegra's recommendations on strong passwords by clicking here.
Step 2: Change other accounts using the same credentials
- If you use the same username and/or password elsewhere, change your password there also.
Step 3: Check your delivery address
- Check your delivery addresses on eBay for fraudulent addresses, a hacker could use your account and have goods delivered elsewhere. Delete unused addresses immediately.
With thanks to Ntegra.
Since our report last night many eBay users have contacted me to say they have been unable to change their passwords - they are finding the eBay system is overwhelmed.
This morning I put this issue to eBay who tells me:
"We know that customers are concerned, and want us to fix this issue straight away, and we are working hard to do just that.
Our first priority is and always has been to protect our user’s information and ensure we correctly deal with the technical challenges such a situation brings, and that is why as a first step we have requested all users change their passwords.
Other steps, including email notification, will follow and we will ensure all eBay users have changed their passwords over the coming days."
E-commerce site eBay has urged its users to change their passwords after the website's database, which contained names and contact details of customers, was compromised by hackers.
In a statement eBay insisted that there was "no evidence that financial information was accessed."
ITV News' Consumer Editor Chris Choi reports:
Michela Menting, cybersecurity director at technology market experts ABI Research has suggested that hackers gained eBay credentials through "social engineering," a type of psychological manipulation to get people to divulge confidential information.
Menting said: "Finally I think their timely public announcement - two weeks after discovery - helps to reassure not only public opinion, but also their own brand reputation.
"Transparency when dealing with incident response for an event that has affected customers, in this case millions, is highly commendable - it means that eBay takes security seriously."
PayPal have said in a statement that "extensive forensic research" has shown "no evidence of unauthorized access or compromise to personal or financial information for PayPal customers."
eBay users asked to reset password as a precaution. PayPal account information has NOT been accessed or compromised. http://t.co/0MQhclFJly
They also stated that PayPal never shares financial information with merchants, "including eBay" and that it encourages any eBay user who used the same password on other sites to change those too.
In a statement on the eBay website, the company has said it has "no evidence of the compromise resulting in unauthorised activity for eBay users."
They also said that there has been "no unauthorised access to financial or credit card information which is stored separately in encrypted formats".
eBay has no evidence of unauthorized access to credit card or financial info of eBay users. More: http://t.co/as09EdsCBv
The firm did reiterate that changing passwords is a "best practice and will help enhance security for eBay users".
Cyber attackers have accessed eBay customers' names and contact details, the company said in a statement.
eBay said: "The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.
"However, the database did not contain financial information or other confidential personal information."
The online auction site said evidence of the hack was first detected about two weeks ago, but it was now making the announcement after "extensive forensics".
eBay has urged its users to change their passwords after the website was hit with a huge data breach.
In a statement, the online auction site said a cyberattack had "compromised a database containing encrypted passwords and other non-financial data".
Cyberattackers hacked employee log-in credentials, allowing them access to the company's corporate network.
Tests so far show no evidence of unauthorised activity by users or access to financial or credit card information, eBay said.