Customer passwords, information exposed in eBay hacking attack

E-commerce company eBay has urged users to change their passwords after a cyberattack on its database that contained encrypted passwords, physical addresses and phone numbers.

The company said client identity information including e-mails, addresses and birthdays was stolen in a hacking attack between late February and early March.

The company said it found no evidence of any unauthorised access to financial or credit card information, which is stored separately in encrypted formats.

EBay shares fell as much as 3.2 per cent in yesterday's morning trading in New York after the latest high-profile hacking attack on a US company.

"For the time being, we cannot comment on the specific number of accounts impacted," eBay spokeswoman Kari Ramirez said. "However, we believe there may be a large number of accounts involved and we are asking all eBay users to change their passwords."

EBay is asking users to change their passwords on its own service and on any other site where that password is used. An eBay spokeswoman said the attack did not affect data from PayPal, the finance and payments unit of the company, noting that PayPal data was stored separately.

Potentially affecting eBay's 128 million active users globally, the attack could be one of the largest affecting a retailer, and comes just months after retail giant Target disclosed a breach that could affect more than 100 million customers.