If you have not changed your password since 5/21, do it now.
If you also use the same password for PayPal (which many people do), change your PayPal account password too. In fact, if you use the same password for any other sites (like your bank, email, and social networks), you should consider changing those as well.
The hack involved was simple: they gained access to an eBay employee account on the corporate network, which gave them access to the user database. The database is encrypted, and so far eBay states that they have not received any reports of user accounts being compromised, so you might not think there is anything to worry about.
The problem is that attacks like these (much like the Target breach recently or the Sony PlayStation event in 2011) follow the same pattern: The hackers copy the database, and then have all the time in the world to crack it. That data is then sold and shared with other groups.
The biggest weakness is that most people use the same passwords on multiple sites. As soon as a hacker has your email and password, they’ll attempt to log into your email and social networks. They won’t do anything that might reveal that they were there because they are just fishing for information. Accessing these accounts will reveal where you bank, shop, and live, and yields information about your family, pets, and interests, which helps uncover other potential passwords.
In every single one of these major data breaches, the same pattern has emerged: it appears that no immediate unauthorized account activity has occurred, but within 6 months there is a spike in online fraud cases resulting in millions of dollars of theft.
Two things you can do:
First, get a good password manager so you can start using a different complex password for each site! There are a lot of them out there, so here’s an excellent article on the top 5 to get you started:
I use KeePassX (http://www.keepassx.org/) because it’s an open source tool that works on Windows and Mac OS X alike.
Next, you’ll want to see if your account is in one of many hacked lists. Head over to this site to see if your email address shows up on any lists:
(NOTE: You do not need to sign up for their monitoring service, just click the “Have you found my account” button.)
Right now, your data is probably safe. But right now hackers are busy decrypting the data and will be quietly testing to see which users they can gain access to. In a couple of weeks we’ll start seeing fraud cases rise again, so now is the time to make sure you are not one of the victims.