Online marketplace eBay says it will urge users to change their passwords following a "cyber-attack" impacting a database with encrypted passwords and non-financial data.
The database includes information such as customers' names, encrypted passwords, email and physical addresses, phone numbers and dates of birth.
In a statement released Wednesday, eBay says it has not found evidence of unauthorized activity or access to financial information, based on "extensive" tests. The company says financial data was not affected, pointing out credit card information is encrypted and stored separately from this database.
"We know our customers trust us with their information, and we take seriously our commitment to maintaining a safe, secure and trusted global marketplace," reads a statement from eBay.
The compromise, which happened between late February and early March, resulted from a cyber-attack targeting a small group of employee log-in credentials.
The company says emails will go out to users today to request changes to their passwords.
Trey Ford, security strategist with Rapid7, says attackers could use information taken from the database to pose as legitimate company representatives.
"Users should be wary of anyone contacting them claiming to be eBay or any other company for that matter," says Ford. "Expect an uptick in phishing, do not click links in email, or discuss anything over the phone."