EBay has asked all of its customers to change their passwords after attackers got hold of employee logins and entered the online retailer's corporate network, accessing user data.
Some 145 million eBay customers will need to change their their details as a result.
According to eBay, the attackers were able to access a database containing customers' names, emails and physical addresses, plus their phone number, date of birth - and encrypted passwords.
EBay said it has no evidence to suggest financial or credit card information was leaked during the breach, as this is stored separately in encrypted formats. Nor has it had any indication of fraudulent account activity taking place on the auction site as result.
While the attack took place sometime between late February and early March, the compromise was not discovered by eBay until two weeks ago.
The company, which claims to have enabled a trading volume of US$205 billion (AUD$222 billion) last year was quick to clarify that its payments arm, Paypal, was not affected by the hack.
"[EBay] has no evidence of unauthorised access or compromises to personal or financial information for PayPal users. PayPal data is stored separately on a secure network, and all PayPal financial information is encrypted," the online retailer said.
However, users who have the same password for both ebay and Paypal are advised to change it immediately, and ensure they're different for the two sites.
Its not the first time the site has been ensnared in a password security controversy.
EBay's Japanese subsidiary was found in March this year to have created passwords for its customers comprising their usernames with the +123456 "salt" added to them, allowing anyone who knew about this weakness to log in to any account.