MCDANIEL CONCERNED ABOUT EBAY SECURITY BREACH
LITTLE ROCK – Attorney General Dustin McDaniel today expressed concern that password information and other consumer data of Internet auction site eBay had been breached in what the company called a “cyberattack.”
EBay announced that nonfinancial information was compromised. That includes such data as encrypted passwords, names, physical addresses, email addresses, phone numbers and dates of birth.
McDaniel said the eBay security breach, which comes a few months after a widespread data breach at Target, demonstrates the need for retailers to strengthen security measures to protect consumers.
“Although these appear to have been sophisticated attacks, I encourage companies to look for better ways to protect consumer information and ensure that their patrons can shop safely and securely,” McDaniel said. “My office has been actively investigating the Target breach, and we are already talking to representatives of eBay to find out how this breach occurred and whether there is any long-term impact on Arkansas consumers.”
McDaniel said eBay users should heed the company’s request that users change their passwords for accessing the site. Representatives of eBay said there is no evidence of unauthorized access to financial and credit card information stored by the company.
“Though it appears that no sensitive financial information was stolen, it is still important for eBay users to take precautions to prevent unauthorized access to their accounts,” McDaniel said.
McDaniel said Internet users should consider changing passwords on every account periodically in order to help prevent identity theft or financial crime. And, if eBay users had the same password on that site as on other websites, then users should change the passwords on other sites as well.
Consumers are encouraged to:
- Create a unique password for each online account to protect against security breaches on multiple sites.
- Make passwords complex, with uppercase letters, lowercase letters, numbers and punctuation marks or special characters.
- Avoid using easy-to-guess information such as names or hometowns in passwords.
- Avoid password security questions about relatives, pets, mother’s maiden name or favorite places to visit, since hackers may be able to find that information on social networking sites.