TECH
21/05/2014 14:40 BST | Updated 21/05/2014 15:59 BST

eBay Alert: Change Your Passwords Says Auction Site After Massive Security Breach

Ebay users, it's that time again: change your password.

The online auction site has advised all of its users to change their passwords after a security breach.

The extent of the breach is unclear at this stage but the only reasonable response is to change your password, and if you've used it on any other sites change those too. It is likely that if you do not change your password, eBay will eventually force you.

eBay will send emails to all of its 120+ million account holders later on Wednesday informing them of the breach.

The site insists that no financial data or credit cards were stolen, but it is possible that you could be at risk unless you change your details.

According to a statement on Business Wire, the breach was discovered two weeks ago but may have taken place as early as February - meaning hackers may have already had months to exploit your details.

The database of stolen details included passwords, names, birthdays, addresses and phone numbers.

ebay logo

In a press statement the site said:

"Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers. We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace."

It added that PayPal data is stored "separately on a secure network" and that all information relating to that service should be safe.

Security expert George Anderson, who is a director at Webroot, said:

“It’s disappointing to see that eBay has waited over two weeks to inform its users of the cyber-attack on the company. However, eBay is certainly not the only organisation who has left time between a breach and its public disclosure. In fact, such practice is becoming a worrying trend - a few weeks ago Orange France was criticised for doing the same.

“Organisations need to accept that hackers don’t discriminate; any company can become a victim, no matter how big or small. As such, the stakes are no longer about keeping your company’s name out of the headlines, but about dealing with the attack effectively and in a timely manner."