EBay customers must reset passwords after major hack

Watch a hacker steal encrypted passwords
Watch a hacker steal encrypted passwords

Hackers quietly broke into eBay two months ago and stole a database full of user information, the online auction site revealed Wednesday.

Criminals now have possession of eBay (EBAY) customer names, account passwords, email addresses, physical addresses, phone numbers and birth dates.

The company said the passwords were encrypted and are virtually impossible to be deciphered. Still, as a precaution, eBay is asking everyone to reset their passwords late Wednesday.

The company isn't saying how many of its 148 million active accounts were affected -- or even how many customers had information stored in that database. But an eBay spokeswoman said the hack impacted "a large number of accounts."

Related story: What China's hacker spies were doing

EBay's subsidiary, PayPal, said it was untouched by the data breach. PayPal data, which is sensitive because it includes payment information, is kept on a separate network.

See how FBI made global hacker bust
See how FBI made global hacker bust

To hack into the eBay database, the cyber attackers managed to get their hands on "a small number" of eBay employee log-in credentials, the company said. They then used that to worm their way into eBay's corporate network. The hackers grabbed the customer database between late February and early March.

It wasn't until two weeks ago that eBay discovered employee credentials had been stolen, the company said. The company then conducted a forensic investigation of its computers and found the extent of the theft.

The company said it hasn't spotted any increase in fraudulent activity on eBay yet.

The good news for eBay customers is that the passwords were encrypted with a technique known as hashing, which turns text into irreversible jumbled code. And they were "salted" with an added random digit or two. Also, eBay's password requirements are ranked slightly better than average by password manager Dashlane. That'll make them even harder to decrypt.

But that's not the point. The real danger here is in the fallout of such a major data breach. Hackers now know where you live. They can call you. Expect to receive fake deals and offers. Beware of getting duped into revealing even more sensitive information, like your bank details or Social Security number.

This is only the latest major data breach compromising people's digital lives. In April, AOL (AOL) announced hackers stole "a significant number" of its 120 million users' email addresses, passwords, contact lists and more.

CNNMoney Sponsors