Personal information for all of eBay’s 145 million active buyers could have been accessed in a hack two months ago, a company spokeswoman said, as the online marketplace advised all users to change their passwords Wednesday.
The database contained encrypted passwords and was compromised from late February into March. The hacked database contained customer information including names, phone numbers, birth dates, home addresses and email addresses. It did not include financial information, the site said.
The company has not yet said how many accounts were breached, but personal information for all eBay users in the database was potentially compromised, according to eBay spokeswoman Amanda Christine Miller.
Information for PayPal, an eBay subsidiary, is encrypted and maintained separately.
“Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network,” the company said in a statement. EBay has seen “no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats.”
The breach was discovered about two weeks ago, according to eBay, leading to a probe that identified the hacked database. The company said it is “aggressively investigating the matter” and working with law enforcement.
The company will contact eBay users on Wednesday to ask them to change their passwords. A notice asking users to change their eBay passwords was first posted on the company website for PayPal, which is owned by eBay and handles its online payments.
Users who use the same password on eBay and other websites should change their passwords on all sites, the company said.
PayPal released a statement saying that an investigation has not uncovered any evidence that information for its customers was hacked.
“PayPal customer and financial data is encrypted and stored separately, and PayPal never shares financial information with merchants, including eBay,” PayPal said.
High-profile hackings have plagued several companies in recent months. Target reported a massive security breach that left financial information for tens of millions of customers vulnerable over the holiday season. AOL Mail reported a major hack in April in which email accounts were broken into and used to send out spam.