Personal information for all of eBay’s 145 million active buyers could have been accessed in a hack two months ago, a company spokeswoman said, as the online auction giant advised all users to change their passwords Wednesday.
The database contained encrypted passwords and was compromised from late February into March. The hacked database contained customer information including names, phone numbers, birth dates, home addresses and email addresses. It did not include financial information, the online auction site said.
The company has not yet said how many accounts were breached, but personal information for all eBay users in the database was potentially compromised, according to eBay spokeswoman Amanda Christine Miller.
Information for PayPal, an eBay subsidiary, is encrypted and maintained separately.
“Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network,” the company said in a statement. EBay has seen “no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats.”