eBay is asking all users to change their passwords following an attack on a database that contained encrypted passwords and other user data.
While eBay did not find evidence of unauthorized use of eBay accounts, the company is asking users to change passwords on eBay and on any other website where they use the same password. The database compromise occurred between late February and early March, and was discovered about two weeks ago.
"There is no evidence that any financial information was accessed or compromised; however we are taking every precaution to protect our customers," says Kari Ramirez, an eBay spokesperson, in an email to PaymentsSource.
Credit card and financial information is stored separately from the database that was attacked, the company said in a May 21 press release. The affected database held eBay customers' names, encrypted passwords, email addresses, physical addresses and dates of birth. PayPal data is stored separately, and all PayPal financial information is encrypted, eBay said.
The attackers compromised an undisclosed number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, eBay said. The company is working with law enforcement and security experts to further investigate the incident.
EBay's marketplace business had 145.1 million active buyers as of March 31, according to the company's first-quarter earnings report. An active buyer user is one who completed a transaction on eBay, Half.com, StubHub, GittiGidiyor or eBay's Korean unit within the prior 12 months.
PayPal recently deflected a separate accusation of a security lapse tied to a social-engineering attack designed to steal a coveted single-letter Twitter username, @N, from the account's owner. The victim claimed that the attacker tricked PayPal into divulging part of his card account number as part of the extortion scheme. PayPal said the attacker attempted to get this information from it, but failed.