US online giant eBay said Wednesday cyberattackers broke into its database with customer names, passwords and other personal data earlier this year.
The California company said it was notifying its customers, and urging them to change passwords to protect their personal and financial information.
An eBay statement said the database was compromised between late February and early March and “included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth.”
But it added that it “did not contain financial information or other confidential personal information.”
An eBay spokeswoman said the attack did not affect data from PayPal, the finance and payments unit of the company, noting that PayPal data is stored separately.
Potentially affecting eBay’s 128 million active users, the attack could be one of the largest affecting a retailer, and comes just months after retail giant Target disclosed a breach which could affect more than 100 million.
The company said it detected “compromised employee log-in credentials” about two weeks ago and began an investigation.
The statement added eBay “is aggressively investigating the matter and applying the best forensics tools and practices to protect customers” and was working with law enforcement and security experts.