The online auction site eBay has admitted that the name, address, date of birth, telephone number, email address and encrypted password of every eBay account holder worldwide – 233 million people – have been obtained by hackers, in one of the world’s largest ever online security breaches.
ebay has said all users should change their passwords immediately.
The vast cache of sensitive data could be used for an almost limitless number of fraudulent purposes by hackers.
The attack occurred “between late February and early March” the online auction house said in a blog post, but was only discovered in the past two weeks.
The company said in the blog post that no financial data was accessed and that credit card information is stored separately in an encrypted format.
The hackers gained access to the details after they obtained “a small number of employee log in credentials, allowing unauthorized access to eBay’s corporate network,” the company said.
“As a result, a database containing encrypted password and other non-financial data was compromised. There is no evidence of the compromise affecting accounts for Paypal users, and no evidence of any unauthorized access to personal, financial or credit card information, which is stored separately in encrypted formats.”
The online retailer is asking all eBay users to change their passwords immediately.
The company said that it is "aggressively investigating the matter" along with law enforcement agencies.
"The database, which was compromised between late February and early March, included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth," said the company. "However, the database did not contain financial information or other confidential personal information."
eBay said, "We believe we have shut down unauthorized access to our site and have put additional measures in place to enhance our security. We have seen no spike in fraudulent activity on the site."