Auction and e-commerce company eBay today urged its customers to change their passwords in the wake of a breach of its corporate networks by attackers that occurred in late February and early March.
The company announced the breach this morning in a statement on its website. The company said a database containing encrypted passwords and what it called “other non-financial data” has been compromised. Data related to its PayPal payment service was not affected.
“After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.”
The company says the attack involved the compromise of employee login credentials, which gave the attackers access to eBay’s internal corporate network. The attack remains under investigation with law enforcement, presumably the FBI. The attack was first detected two weeks ago, eBay said.
EBay shares fell by 94 cents, or nearly two percent, to $51.02 after news of the attack was announced. The shares have fallen by seven percent this year.