eBay Inc. (NASDAQ:EBAY) revealed that its database with encrypted passwords and other non-financial data has been compromised due to a cyberattack. It is encouraging its 145 million registered user to change their passwords.
According to the company, extensive tests were conducted on its network and found no indication that the cyberattack resulted to unauthorized activity for eBay users and no evidence of any illegal access to financial or credit card information.
eBay Inc. (NASDAQ:EBAY) said the financial data of its users are separately stored in encrypted formats, but still the company emphasized that “changing passwords is the best practice.” It will also improve the security for its users.
The company said the perpetrators hacked the log-in credentials of a small number of its employees, which enabled them to access its corporate network. eBay Inc. (NASDAQ:EBAY) discovered the attack two weeks ago and subsequently identified the affected database after conducting extensive forensics.
The cyberattackers compromised its database that contains customer’s names, e-mail addresses, phone numbers, date of birth, and encrypted passwords. The company emphasized that the database does not contain customer’s financial and other confidential personal information.
A spokesperson for eBay Inc. (NASDAQ:EBAY) said, “We are cooperating with law enforcement on the investigation into the attack. There is no evidence that customer financial information was compromised.”
The personal and financial information of its members on PayPal were not affected. According to eBay Inc. (NASDAQ:EBAY), PayPal’s data is stored separately on a secure network and financial information are encrypted.
The company is sending e-mails to users and it will also use site communications and other marketing channels to encourage them to change their eBay passwords. It is also urging its members to change their passwords on other sites if they are using the same eBay password.
Simon Eappariello, a senior vice president of engineering ar iBoss Network Security commented that the cyberattack was “substantial” if the company is going to contact all of its users to change their passwords. He said, “That’s a major breach in anyone’s book. That’s a lot of data.”