E-commerce company eBay Inc announced on Wednesday seeking users to change their login credentials. It said that client identity information including emails, addresses and birthdays was stolen in a hacking attack between late February and early March.
PayPal account holder information was not accessed or compromised. Learn more: http://t.co/adf7soaTNE.
— eBay Inc. (@ebayinc) May 21, 2014
It urged users to change their passwords after the attack on a database that also contained encrypted passwords, physical addresses and phone numbers.
eBay has no evidence of unauthorized access to credit card or financial info of eBay users. More: http://t.co/as09EdsCBv
— eBay (@eBay) May 21, 2014
It said it found no evidence of any unauthorized access to financial or credit card information.
eBay shares fell as much as 3.2 % after the latest high-profile hacking attack on a U.S. company.
"For the time being, we cannot comment on the specific number of accounts impacted. However, we believe there may be a large number of accounts involved and we are asking all eBay users to change their passwords," eBay spokeswoman Kari Ramirez told Reuters.
After conducting extensive tests on its networks, the company said that it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.
According to eBay, Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network, the company said. Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.
The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information. The company said that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today.
The company said it has seen no indication of increased fraudulent account activity on eBay. The company also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted.
Beginning later today, eBay users will be notified via email, site communications and other marketing channels to change their password. In addition to asking users to change their eBay password, the company said it also is encouraging any eBay user who utilized the same password on other sites to change those passwords, too.
eBay asks all users to change passwords due to cyberattack that compromised non-financial info in a database: http://t.co/as09EdsCBv
— eBay (@eBay) May 21, 2014
The company said it found no evidence of unauthorized access to personal or financial information for users of its online payment service, PayPal.EBay Inc earlier issued a notice on its PayPal website asking users to change their passwords, but took down the message a short time later without explanation.
With agency inputs