In a posting on the company’s website, eBay said a cyber-attack “compromised a database containing encrypted passwords and other non-financial data.”
eBay has stated that they find “no evidence of any unauthorized access to financial or credit card information”, and that PayPal has not been affected by this breach as that information is stored on a separate network from eBay.
The password change is only to provide the best possible protection against the breach, and at the password data that was removed from eBay’s systems was encrypted. There is no indication on when or if this encryption will be broken by the hackers, which is why it is best to change your password. If you used your eBay password on any other site, you should also change the password on those sites as well.
eBay found that the breach took place “between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.”
This brings me back to my point of stressing the usage of password managers, such as 1Password, Keepass, and others to manage complex and unique passwords for all your websites. Also any site that supports two-factor authentication should be used as even if a hacker were to obtain your password on this site they would still not be able to gain access without your security code which is generally sent to your smart phone.