Two of the state’s top lawyers are urging Connecticut consumers who use eBay to change their passwords as soon as possible in light of a cyberattack on the online market place.
Attorney General George Jepsen and state Department of Consumer Protection Commissioner William Rubenstein said that eBay announced on May 21 that the cyberattack had compromised a database of encrypted passwords and other non-financial data.
There are about 660,000 active eBay users in Connecticut, the company says, though it is not clear how many may be impacted by the breach. The online company will send emails to all their users, and customers will be prompted to change their password upon signing into their eBay account.
“My office will be looking into the circumstances surrounding this breach as well as the steps eBay is taking to prevent any future incidents,” said Jepsen. “However, the most important step for consumers to take right now is to change their password and to choose a strong, unique password that is not easily guessed.”
It’s likely that Jepsen’s office won’t be the only one looking into the eBay breach. Several technology-oriented websites are reporting that while eBay’s data breach reportedly started three months ago, the company detected it only two weeks ago, and didn’t inform the public until May 21.
The eBay breach has exposed customer names, email addresses, physical addresses, phone numbers, and birthdays — all of which had not been encrypted. Financial information, which had been encrypted on PayPal, was apparently not affected
The attack on eBay affected 233 million accounts. That makes it much larger than the attack on Target last December, which resulted in the theft from the retalier of approximately 40 million credit card records and 110 million personal data records
Rubenstein said that anyone “who had been using their eBay password for other internet or email accounts should immediately assign different passwords for those accounts to protect them from being accessed through this breach. While it’s not recommended, many people use the same password over and over. Recent massive data breaches underline the importance of personal password management — keep your passwords unique for each account.”
The Attorney General’s Office and Department of Consumer Protection recommend that all consumers regularly change passwords and PIN numbers, whenever possible, to help protect personal and financial information. They also advise consumers to beware so-called “phishing” scam emails in the wake of the breach and avoid clicking on links or opening attachments on any unsolicited emails.
Assistant Attorney General Matthew Fitzsimmons, head of the Attorney General’s Privacy Task Force, is assisting Jepsen with this matter.