Ebay password change email: fake or not?

After a cyber attack became known in May 2014, Ebay sent an email asking you to change the password. In this practical tip, we clarify whether this email is a fake or not a fake.

Unusual password change email from Ebay - no fake

The email from Ebay comes from quite unusual - after all, it is signed by Devin Wenig, "President, eBay Marketplaces". Nevertheless, the mail is not a fake, but an official communication from Ebay. The signs for this are:

• The mail was sent from an official Ebay address ( ).
• Your full name or Ebay member name is in the footer of the mail - senders of phishing mails usually do not have such personal information.
• The email also makes no attempt to lure you to a phishing website by means of a link or an attachment - it provides factual information about the context of the hack and asks Ebay users to change their password. You can find more information about the cyber attack here on Ebay.
• Ergo: You can trust the information in the mail. Nevertheless: Since many free-riders use the Ebay hack to skim passwords even with phishing emails, caution is recommended for such emails. Therefore, we have copied the original text of the mail for you again below.

The original Ebay mail

If your email with the subject "IMPORTANT: PASSWORD CHANGE" has the following text, it comes from Ebay:

• "Dear eBay Member, To ensure that our customers can continue to buy and sell safely and with full confidence on eBay, I ask all eBay users to change their password. The reason is as follows: We recently found that Our corporate network has become the target of a cyberattack, accessing a database of eBay users' passwords. What you should know: There is no evidence that your payment information has been accessed or the security of the attack in any way was compromised. And your password was encrypted. "
• "Please do the following: Go to eBay and change your password. If you changed your password on or after May 21st, no further steps are necessary. I am aware that it will mean additional effort for you, your password We do everything we can to protect your information, and changing your password is another precaution - in addition to the other security measures we've implemented. If you were previously only using eBay as a guest, none would If you also use the password that you use on eBay for other websites, you must also change it there. And for PayPal users, there is no evidence that your PayPal account or your PayPal account Payment information is affected as it is securely encrypted in a separate system with PayPal. "
• "In addition, we do the following: In the event of any unauthorized activity on your eBay account, our strong protective measures for buyers and sellers continue to apply. We implement additional security measures to protect our customers. We work with the relevant law enforcement agencies and with leading security experts to investigate this incident. "
• What we do know: The attack occurred between late February and early March and resulted in an illegal access to a database of eBay user information - including customer names, encrypted passwords, email addresses, postal addresses, phone numbers and birth dates. However, the file did not contain any payment information, and after intensive examination and analysis of our databases, we have found no evidence that our users' bank or credit card data are affected. We also saw no signs of an increase in fraud or decryption of passwords on our website. We are aware that this situation can be irritating for you and means additional effort. We very much regret this. For eBay as a global marketplace, nothing is more important than the security and trust of our customers. Our customers have high expectations of us. We face this responsibility by offering you a secure trading platform, no matter which device you use eBay on. "

How to protect yourself from phishing emails

Especially with alleged PayPal, Ebay or Amazon emails, there is a lot of trouble on the Internet. Therefore, you should generally observe the following tips for protection against phishing emails.