eBay is asking its users to change their passwords because of a cyber-attack that compromised a database containing encrypted passwords and other non-financial data.
The company says it has no evidence of the compromise resulting in unauthorised activity for eBay users, and no evidence of any unauthorised access to financial or credit card information, which is stored separately in encrypted formats.
However, changing passwords is a best practice, it says, and will help enhance security for eBay users.
The company “regrets any inconvenience or concern that this password reset may cause our customers” it says on its site. “We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.
“Cyber-attackers compromised a small number of employee log-in credentials, allowing unauthorised access to eBay’s corporate network,” the company says.
eBay says that the database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, e-mail address, physical address, phone number and date of birth.
However, it says, the database did not contain financial information or other confidential personal information. The compromised employee log-in credentials were first detected about two weeks ago, which led to the affected database being identified.
The company said it has seen no indication of increased fraudulent account activity on eBay, nor has it evidence of unauthorised access or compromises to personal or financial information for PayPal users.
PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted, eBay says.