eBay today revealed that attackers 'compromised a database containing encrypted passwords and other non-financial data' between late February and early March. The database included names, e-mail addresses, home addresses, phone numbers, and dates of birth. While there is 'no evidence of the compromise resulting in unauthorized activity for eBay users,' the company is recommending that users change their passwords.
The attackers were able to log in to eBay employee accounts.'Cyberattackers compromised a small number of employee log-in credentials, allowing unauthorized access to eBay's corporate network,' the eBay announcement said. 'Working with law enforcement and leading security experts, the company is aggressively investigating the matter and applying the best forensics tools and practices to protect customers.'
eBay detected the unauthorized employee logins two weeks ago, and '[e]xtensive forensics subsequently identified the compromised eBay database, resulting in the company’s announcement today.' Financial and credit card information was apparently not affected as it is 'stored separately in encrypted formats.' PayPal data is also stored separately.