Online retailer eBay Inc. (NASDAQ:EBAY) said on Wednesday that a database containing user information was hacked sometime between late February and early March but only discovered recently, and the company encouraged users to change their passwords.
San Jose, California-based eBay said financial or credit card information was not compromised in the hacking attack, noting there was no evidence of compromises to the company's payment site PayPal, whose data is reportedly stored on a separate, secure network. But customer information was stolen, including encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth. The attack was detected about two weeks ago. “Extensive forensics” identified the compromised database, eBay said.
“Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers,” the online retailer said in a statement. “We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.”
Emails notifying eBay users of the attack and urging them to change their passwords were set to be sent out later Wednesday.
The company said the cyberattack “compromised a small number of employee-log-in credentials, allowing unauthorized access to eBay’s corporate network. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.”
EBay said it hadn't seen any signs of increased fraudulent activity on its website after the attack