eBay Inc. announced on Wednesday that it was the target of a cyberattack that compromised a database containing non-financial data, including encrypted passwords. Because of this, eBay requests that all users change their passwords immediately.
The company has conducted "extensive" tests on its networks, and found no evidence of unauthorized activity via user accounts. eBay also found no signs of unauthorized access to credit card or financial information, which is stored in encrypted formats on a separate system. However, eBay insists that everyone change their passwords just in case.
eBay reports that hackers gained access to the corporate network by compromising a small number of employee log-in credentials. The company is now working with security experts and law enforcement to "aggressively" investigate the cyber break-in, and to protect customers by applying "the best forensics tools and practices."
eBay reveals that the problem was first detected around two weeks ago. A thorough investigation showed that the database was compromised in late February to early March. Hackers gained access to eBay customers' name, encrypted password, email address, physical address, phone number and date of birth. As previously stated, financial information is stored on a separate database.
"The company said it has seen no indication of increased fraudulent account activity on eBay," states the announcement. "The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted."
eBay users should expect to see email notifications to change the password starting Wednesday afternoon. The company will also alert users via site communications and other methods. eBay recommends that all users change their passwords on other services and sites if they're the same one used on eBay.