May 21, 2014 -- The popular online merchandise site eBay is urging its customers to change their passwords after hackers managed to slip into one of its databases months ago.
In a posting on the company’s website, eBay said a cyber-attack “compromised a database containing encrypted passwords and other non-financial data.”
Hackers broke into the database "between late February and early March," but eBay didn't detect a problem with employee log-in credentials -- which the hackers had hijacked -- until about two weeks ago, the statement said.
The company assured customers that it's seen “no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats.”
“However,” the company said, “changing passwords is a best practice and will help enhance security for eBay users.” EBay said as of its last quarter, it had 145 million "active buyers."
EBay said the hackers would have had access to customer information like name, encrypted password, email address, physical address, phone number and date of birth. "[T]he database did not contain financial information or other confidential personal information," the company said. In a separate Q&A post, eBay said it “will not speculate” as to who may be responsible for the hack.
If shoppers use the same password on other sites, the company urged they change those as well.
“Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensic tools and practices to protect customers,” the company posting said.
EBay is best known as a site for competitive bidding on merchandise, but the company said it has evolved into a "global commerce and payments company" where some 75 percent of items sold is new merchandise, "available for immediate purchase."
This report has been updated.