eBay is asking all users to change their passwords because of a cyberattack that it says compromised a database containing encrypted passwords and other non-financial data.
The good news is that, after conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats.
"Information security and customer data protection are of paramount importance to eBay," the company said in a statement. "We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace."
Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is investigating the matter.
The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information, according to eBay.
Compromised employee log-in credentials were first detected about two weeks ago. The company said it has seen no indication of increased fraudulent account activity on eBay. PayPal (owned by eBay) users are safe.