The U.S. e-commerce giant eBay has asked its about 145 million users to change passwords, following a cyber attack that compromised database containing encrypted passwords and other non-financial data.
The U.S.-based firm said though it has not found evidence of any compromises, changing passwords is a best practice and will help enhance security for eBay users.
The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, e-mail address, physical address, phone number and date of birth.
eBay users will be notified via email, site communications and other marketing channels to change their password.
In addition to asking users to change their eBay password, the company has also urged users, who utilised the same password on other sites, to change those passwords too.
Cyber attackers compromised a small number of employee log-in credentials, allowing unauthorised access to eBay’s corporate network, the company said.
It added that the compromised employee log-in credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database.
The company said it is working with law enforcement and leading security experts to aggressively investigate the matter and applying the best forensics tools and practices to protect customers.
This is one of the largest data breaches witnessed over the last few years. Last year, software maker Adobe Systems was attacked by hackers resulting in about 152 million user accounts being compromised.
