EBay hit in cyberattack, 112 million user accounts compromised

EBay (NASDAQ:EBAY) has joined a growing list of retailers now victims of cyberattacks and is advising 112 million users to change their passwords. 

The breach compromised data containing a list of encrypted passwords that could potentially be decrypted through publicly available tools. After conducting extensive tests on its networks, the company said it has no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats.

The compromised database does not contain payment information and the credit card information is encrypted and stored separately from this database. Information that was compromised includes customers' names, email addresses, physical addresses, phone numbers and dates of birth.

EBay's payment-processing unit, PayPal, has seen "no evidence of unauthorized access or compromises to personal or financial information." PayPal users' financial information is stored on a separate network, eBay noted.

The attack itself happened between late February and early March when hackers broke into eBay's network using employee login credentials, which allowed the attackers to gain access to eBay's corporate network.

The database did not contain financial information or other confidential personal information. The company said that the compromised employee login credentials were first detected about two weeks ago. Extensive forensics subsequently identified the compromised eBay database, resulting in today's announcement.

EBay joins Target (NYSE: TGT), Sally Beauty, Neiman Marcus and Michaels as retail victims of cyberattacks, but it could be the largest since 40 million credit card accounts and personal information of 70 million Target shoppers were compromised in 2013.

For more:
-See this eBay statement

Related stories:
EMV migration won't save retail
Steinhafel's departure leaves Target looking for redemption
Target: Timeline of a data breach
Target breach: Heating vendor confirmed as hackers' entry point
EBay pilots click-and-collect program, prepares to take PayPal in-store