The U.S. e-commerce giant eBay has asked its about 145 million users to change passwords, following a cyber attack that compromised database containing encrypted passwords and other non-financial data.
The U.S.-based firm said though it has not found evidence of any compromises, changing passwords is a best practice and will help enhance security for eBay users.
The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, e-mail address, physical address, phone number and date of birth.
“After conducting extensive tests on its networks, eBay has no evidence of the compromise resulting in an unauthorised activity for eBay users, and no evidence of any unauthorised access to financial or credit card information, which is stored separately in encrypted formats,” it said in a statement.
However, changing passwords is a best practice and will help enhance security for eBay users, it added.
eBay further stated that it has found no evidence of unauthorised access or compromises to personal or financial information for PayPal users.
“PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted,” it said.
eBay users will be notified via email, site communications and other marketing channels to change their password.
In addition to asking users to change their eBay password, the company has also urged users, who utilised the same password on other sites, to change those passwords too.
Cyber attackers compromised a small number of employee log-in credentials, allowing unauthorised access to eBay’s corporate network, the company said.
It added that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database.
The company said it is working with law enforcement and leading security experts to aggressively investigate the matter and applying the best forensics tools and practices to protect customers.
This is one of the largest data breaches witnessed over the last few years. Last year, software maker Adobe Systems was attacked by hackers resulting in about 152 million user accounts being compromised.