eBay has revealed it was hit by a major cyber attack earlier this year, and is urging users to change their site passwords.
The e-commerce provider said in a statement on its website that the security breach took place between late February and early March. Attackers compromised “a small number” of employee login details, and were able to access a database containing eBay customers’ details, including name, encrypted password, email address, physical address, phone number and date of birth.
The company said no confidential or financial information was exposed, but is asking users to change their passwords to prevent unauthorised access to customer accounts.
However, questions will be asked of eBay’s security procedures after the firm admitted that it only became aware of the compromised login details two weeks ago. Subsequent forensic tests revealed the breach to the database.
The company said it has seen no evidence of increased fraudulent activity as a result of the security breach. It also said it has no evidence of “unauthorised access or compromises to personal or financial information” for users of its PayPal online payments business.
“PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted,” said the eBay statement.
Users will be notified by email or through the website and asked to change their passwords. eBay also suggested changing passwords on other sites if customer use the same password on multiple websites.
“Information security and customer data protection are of paramount importance to eBay, and eBay regrets any inconvenience or concern that this password reset may cause our customers,” said the company statement.
“We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace.”
Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Related content from ComputerWeekly.com
RELATED CONTENT FROM THE TECHTARGET NETWORK