eBay has begun the process of asking its entire user base to change their passwords due to hackers gaining access to a database containing encrypted passwords and other non-financial data.
The company announced the decision today, noting that while there was “no evidence of the compromise resulting in unauthorized activity for eBay users,” it’s “best practice” to ask all users to change their passwords.
eBay also confirmed that credit card information is stored separately in encrypted formats, and as such wasn’t revealed by the attack.
“Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers,” the company said.
The breach actually occurred between late February and early March, leaving customers’ names, encrypted passwords, email addresses, physical addresses, phone numbers, and birth dates exposed.
The attackers gained access to the server by compromising “a small number” of employee login credentials, which afforded them access to eBay’s corporate network.
eBay assured that it has seen “no evidence of unauthorized access or compromises to personal or financial information for PayPal users” either.
Starting today, the service will start telling customers to reset their passwords via email and on-site messages. If you’re an eBay user, now is the time to change your password.