There was some confusion on Wednesday morning as eBay initially posted an alert asking users to change their passwords and then subsequently removed it from the site without any apparent explanation.
Then it posted this announcement on its corporate website confirming that it will indeed be making requests for users to update passwords “because of a cyberattack that compromised a database containing encrypted passwords and other non-financial data.”
The information that may have been taken from the company included eBay customers’ names, encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth.
“There is no evidence that any financial information was accessed or compromised; however we are taking every precaution to protect our customers,” a rep for the company says in a statement.
The company says that all financial and credit card information is stored separately from the database that was compromised.
“Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay’s corporate network,” says the company. “Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.”
The hack actually occurred back in late February and early March. According to eBay, it knows of no increased fraudulent account activity on eBay as a result of the hack.