If you have an eBay account, it's time to change your password. The company released a statement today saying its internal and customer databases were compromised earlier this year, and starting today it will prompt everyone to change their passwords.
Attackers made off with names, addresses, email addresses, phone numbers, birth dates, and of course, encrypted passwords. eBay explained that financial info including credit card numbers and other sensitive data (like PayPal account details) are kept in a separate encrypted database which wasn't compromised. They also said they have found no evidence of unauthorised access or activity by registered eBay users — which is code for "we don't think anyone's used these passwords yet". According to the statement, intruders compromised employee accounts first, and used their access to get the data they really wanted. eBay discovered the breach about two weeks ago, but the actual attack took place back in late February and early March.
To change your eBay password, log into your account, then click your name in the upper left corner. Select Account Settings. Click "Personal Information" or "Business Information" on the left side of the page, and "edit" next to your password.
As always, if you use the same password on multiple sites, first, change those too, and second, stop using the same password on multiple sites. Instead, use a password manager that generates and remembers strong passwords for all the sites you use around the web. You can read eBay's full statement at the link below.