NEW YORK (AP) — E-commerce site eBay is asking users to
change their passwords after a cyberattack compromised a company
database containing customers’ names, encrypted passwords, email
addresses, physical addresses, phone numbers and dates of birth.
The
company said Wednesday that there is no evidence that any financial or
credit card information was stolen and no sign that the breach has
resulted in unauthorized activity for its 145 million active users.
EBay
says its investigation is active and it can’t comment on the specific
number of accounts affected, but says the number could be large.
Cyberattackers
stole a small number of employee log-in credentials that gave access to
eBay’s corporate network, the company said. The San Jose,
California-based company is working with law enforcement to investigate
the attack.
The database was hacked sometime between late February
and early March, but compromised employee log-in credentials were first
detected two weeks ago.
EBay owns electronic payment service
PayPal, but eBay says there is no evidence PayPal information was
hacked, since that data is stored separately.
The attack follows
several other high-profile data security incidents, including a massive
breach at Target stores and the recent discovery of the "Heartbleed."
computer security flaw. Heartbleed is a point of weakness in a key piece
of security technology used by more than 500,000 websites that had been
exposing online passwords and other sensitive data to potential theft
for more than two years.
And during Target’s data breach last
year, hackers stole about 40 million debit and credit card numbers and
personal information for 70 million people.
Shares of eBay Inc. fell 8 cents to $51.88 in Wednesday’s trading.