Earlier today, eBay announced that they had suffered a security breach that exposed user accounts and encrypted passwords. From the eBay announcement:
"eBay Inc. (Nasdaq: EBAY) said beginning later today it will be asking eBay users to change their passwords because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users."
While eBay has indicated that PayPal accounts are not affected, it would not hurt to change these as well.
The University IT Security Office is advising the Duke community to change their eBay password. In addition, if they used that password for any other account, it should be changed there as well. Other steps that can be taken to secure your user accounts include:
- Download and install the LastPass password tool, which provides you with a secure way to store passwords. Duke users can download LastPass free from the OIT website; visit http://oit.duke.edu/software and browse for LastPass.
- Obtain a PayPal Security Key and enable multifactor for eBay and PayPal.
- Never use your Duke password on other sites.