Should you change your eBay password?

[box type=”note”]Update: Since this story was written, eBay has confirmed that it has suffered a security breach, and that users should change their passwords. Read more here.

It’s all very curious.

A post has appeared on PayPal’s community site and press website claiming that eBay is going to ask all eBay users to change their passwords.

eBay asks you to change your passwords?

Sign up to our free newsletter.
Security news, advice, and tips.

eBay Inc. To Ask All eBay Users To Change Passwords

place holder text.

If you click on the link you get taken to this:

eBay password notice?

PayPal, you will recall, is owned by eBay. It seems, therefore, somewhat unlikely that they would be pulling the leg of eBay users.

And yet, the message is clearly incomplete.

I see a few possible explanations until PayPal or eBay tells us what is going on:

  1. Some mischief-maker has managed to access PayPal’s blog and post a bogus headline. That wouldn’t be good news.
  2. There’s been an internal screw-up at PayPal, and someone has accidentally published a blog post (perhaps prepared during a crisis management exercise) claiming that all eBay passwords need to be reset. That wouldn’t be good news, but not as bad as an unauthorised party gaining access to the PayPal blog… or indeed as bad as a security breach
  3. PayPal has identified, or been responsibly informed of, a security issue that requires users to change their passwords as a precaution. That wouldn’t be good, but better than some scenarios.
  4. PayPal has had a security breach and is going to ask all of its users to change their passwords. Their announcement has been published a little before schedule, before they’d finished writing it. That wouldn’t be good.

I don’t know which scenario is true. But I just changed my eBay password.

You may wish to do the same.

Via Engadget.

Update: The mystery post has now disappeared from PayPal’s website. It will be interesting to see if they make any further comment.

Later update: Oh dear. eBay has now confirmed it has suffered a security breach.

What do you think is happening? Leave your opinion below while we wait to hear official word from eBay/PayPal


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “Should you change your eBay password?”

  1. My bank phoned me this to check that I was the person who used my PayPal account 5 times yesterday

  2. Colm

    By radically changing a password before an official release is good, although that would also hint at another possibility:

    * Through whatever new security measures eBay are going through, or worse still, an ongoing attack, prematurely changing one's password may not be preventative, as you may be asked to do it again once the correct action has been taken.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.