TL;DR: eBay’s security was breached in late February, early March. Customer personal information was stolen. The breach was discovered two months later. The details of the breach are scarce, but eBay has divulged that the attackers only needed simple username and password to breach eBay’s security. Using just username and password to access customer personal information is bad. Storing customer personal information in plain text is a major no-no for any organisation that manages customer personal information. It is even a bigger no-no when the business model is based on trust.