eBay issued an advisory to its customers to change their passwords due to a cyberattack that compromised a database holding non-financial data.
The company said it couldn't find any evidence that there was unauthorized activity for eBay customers and no access to financial information. The compromised database held encrypted passwords, but financial data is stored separately. PayPal databases weren't affected.
According to eBay, the compromised database held the following:
- Customer name
- Encrypted password
- Email address
- Physical address
- Phone number
- Date of birth
eBay acknowledged that a mass customer password reset is a pain, but it's best practice to get new credentials following a cyber attack. eBay will begin contacting customers today.
Based on eBay's investigation, attackers compromised employee log-in credentials to get access to the corporate network. The database was hit between late February and early March.