If you have an eBay account, it’s time to change your password. The company released a statement today saying its internal and customer databases were compromised earlier this year, and starting today it will prompt everyone to change their passwords. Attackers made off with names, addresses, email addresses, phone numbers, birth dates, and of course, encrypted passwords. eBay explained that financial info including credit card numbers and other sensitive data (like PayPal account details) are kept in a separate encrypted database which wasn’t compromised. They also said they have found no evidence of unauthorised access or activity by registered eBay users — which is code for “we don’t think anyone’s used these passwords yet”. According to the statement, intruders compromised employee accounts first, and used their access to get the data they really wanted. eBay discovered the breach about two weeks ago, but the actual attack took place back in late February and early March.

As always, if you use the same password on multiple sites, first, change those too, and second, stop using the same password on multiple sites. Instead, use a password manager that generates and remembers strong passwords for all the sites you use around the web.