Over 145 million eBay user records were likely accessed by hackers back in February in what is being called one of the biggest data breaches in history, based on the amount of accounts compromised.
The company has already issued an advisory to its customers to change their passwords "immediately," saying they were among the pieces of data stolen between late February and early March.
Company spokeswoman Amanda Miller said on May 21 that passwords are encrypted and that eBay has no reason to believe that the hackers were able to break the code that "scrambled them," according to Reuters.
"There is no evidence of impact on any eBay customers," Miller said. "We don't know that they decrypted the passwords because it would not be easy to do."
Records obtained by hackers included email addresses, birth dates, mailing addresses, and other personal information.
Financial data like credit card numbers were not accessed however, according to Miller.
The company has hired FireEye Inc's Mandiant forensics division to help investigate the issue.
Originally eBay said that a large number of accounts might have been compromised, but declined to say how many exactly.
Security experts advised EBay customers to watch out for fraud, especially if they use their EBay passwords for other accounts.
"People need to stop reusing passwords and should change their affected passwords immediately across all the sites where they are used," said Trey Ford, global security strategist with cybersecurity firm Rapid7, according to Reuters.
Director of product security with Shape Security Michael Coates said there is a big chance that the hackers would be able to figure out passwords because usually companies only ask users to change passwords if they believe there is a significant chance hackers can access them.
Hackers got in after obtaining login credentials for "a small number" of employees, giving them access to the company's corporate network, according to eBay.
The breach was first discovered earlier this month, according to Reuters.
"We worked aggressively and as quickly as possible to insure accurate and thorough disclosure of the nature and extent of the compromise," Miller said when asked why the company had not immediately notified users.
When all is said and done the breach could be the second-biggest in history for a U.S. company, based on the amount of people supposedly affected by the breach.
The biggest breach was uncovered at Adobe Systems in October 2013, when hackers accessed about 152 million user accounts.
It would also be larger than the controversial Target breach disclosed in December 2013, which included 70 million customer records, and 40 million payment card numbers.