EBay says customer information stolen in hacking attack

Citing a cyberattack that compromised a database containing encrypted information, the e-commerce site eBay asked users on Monday to change their passwords, cautioning that there was no evidence yet of any financial or credit card details being stolen.

The attack on eBay was made through compromised employee accounts that allowed unauthorized access to its corporate network, the company said in a statement. 

The database, which also included client identity information such as emails, addresses and birthdays, was hacked sometime between late February and early March, but compromised employee login credentials were first detected only two weeks ago.

EBay said it was investigating the breach and working with law enforcement agencies. The company, however, said it could not comment on the specific number of accounts affected. It had 145 million active users at the end of the first quarter.

"For the time being, we cannot comment on the specific number of accounts impacted," eBay spokeswoman Kari Ramirez told Reuters. "However, we believe there may be a large number of accounts involved and we are asking all eBay users to change their passwords."

The company, which also owns the electronic payment service PayPal, said there is no evidence PayPal information was hacked, since that information is stored separately on a secure network.

EBay has been attacked before. In February, hacking group Syrian Electronic Army breached and defaced websites belonging to PayPal UK and eBay.

This most recent attack follows several other high-profile hacking incidents, including a massive data breach at Target stores and the spread of the computer security flaw nicknamed Heartbleed. Heartbleed took advantage of a flaw in a key piece of security technology used by more than 500,000 websites that had been exposing online passwords and other sensitive data to potential theft for more than two years.

And during the Target credit data breach last year, hackers stole about 40 million debit and credit card numbers and personal information for 70 million people.

Wire services