On the heels of a cyber attack, eBay is asking users to change their site passwords. Hackers reportedly used employee credentials to access the auction site’s corporate network and a database that housed customer sensitive information—though eBay says all stolen data was nonfinancial and not confidential.
The data—consisting of customer names, passwords, email and physical addresses, phone numbers, and birthdates—was taken between late February and early March of this year. EBay says it first became aware of the corrupted employee log-in two weeks ago. Following extensive tests, eBay reports that it’s seen no signs of unauthorized activity on the site and no evidence of unauthorized access to financial or credit card information—that information is stored separately and in an encrypted format—though the site is still urging users to change their passwords.
A press release on eBay’s blog emphasized the company’s dedication to “information security and customer data protection,” noting: “We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure, and trusted global marketplace.”
The company is working in conjunction with police and security experts to investigate the matter and implement the best tools and practices to help its customers.